Bulletin ID
Last updated on
16 May 2021
|
Also applies to Digital Editions
Security Updates Available for Adobe Digital Editions | APSB18-27
|
|
Date Published |
Priority |
|---|---|---|
|
APSB18-27 |
October 09, 2018 |
3 |
Summary
Adobe has released a security update for Adobe Digital Editions. This update resolves critical vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Affected product versions
|
Product |
Version |
Platform |
|---|---|---|
|
Adobe Digital Edition |
4.5.8 and below |
Windows, Macintosh and iOS |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
| Product | Version | Platform | Priority | Availability |
|---|---|---|---|---|
| Adobe Digital Editions | 4.5.9 | Windows | 3 | Download Page |
| Macintosh | 3 | Download Page | ||
| iOS | 3 | iTunes |
Note:
- Customers can download the update from the Adobe Digital Editions download page, or utilize the product’s update mechanism when prompted.
- For more information, please reference the release notes.
Vulnerability details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Numbers |
|---|---|---|---|
|
Heap overflow |
Arbitrary Code Execution |
Critical |
CVE-2018-12813 CVE-2018-12814 CVE-2018-12823 |
|
Out of bounds read |
Information Disclosure |
Important |
CVE-2018-12816 CVE-2018-12818 CVE-2018-12819 CVE-2018-12820 CVE-2018-12821 |
|
Use after free |
Arbitrary Code Execution |
Critical |
CVE-2018-12822 |
Acknowledgments
Adobe would like to thank Jaanus Kääp of Clarified Security for reporting these issues and for working with Adobe to help protect our customers.
Revisions
October 10, 2018: Updated the CVE number from CVE-2018-12815 to CVE-2018-12823.
Adobe MAX
The Creativity Conference
Oct 14–16 Miami Beach and online
Adobe MAX
The Creativity Conference
Oct 14–16 Miami Beach and online