Adobe Security Bulletin

Security Bulletin for Adobe Acrobat and Reader | APSB18-29

Bulletin ID	Date Published	Priority
APSB18-29	August 14, 2018	2

Adobe has released security updates for Adobe Acrobat and Reader for Windows and MacOS. These updates address critical vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Product	Track	Affected Versions	Platform	Priority rating
Acrobat DC	Continuous	2018.011.20055 and earlier versions	Windows and macOS	2
Acrobat Reader DC	Continuous	2018.011.20055 and earlier versions	Windows and macOS	2

Acrobat 2017	Classic 2017	2017.011.30096 and earlier versions	Windows and macOS	2
Acrobat Reader 2017	Classic 2017	2017.011.30096 and earlier versions	Windows and macOS	2

Acrobat DC	Classic 2015	2015.006.30434 and earlier versions	Windows and macOS	2
Acrobat Reader DC	Classic 2015	2015.006.30434 and earlier versions	Windows and macOS	2

For questions regarding Acrobat DC, please visit the Acrobat DC FAQ page.

For questions regarding Acrobat Reader DC, please visit the Acrobat Reader DC FAQ page.

Adobe recommends users update their software installations to the latest versions by following the instructions below.
The latest product versions are available to end users via one of the following methods:

Users can update their product installations manually by choosing Help > Check for Updates.
The products will update automatically, without requiring user intervention, when updates are detected.
The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.

For IT administrators (managed environments):

Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/, or refer to the specific release note version for links to installers.
Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and SSH.

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:

Product	Track	Updated Versions	Platform	Priority Rating	Availability
Acrobat DC	Continuous	2018.011.20058	Windows and macOS	2	Windows macOS
Acrobat Reader DC	Continuous	2018.011.20058	Windows and macOS	2	Windows macOS

Acrobat 2017	Classic 2017	2017.011.30099	Windows and macOS	2	Windows macOS
Acrobat Reader DC 2017	Classic 2017	2017.011.30099	Windows and macOS	2	Windows macOS

Acrobat DC	Classic 2015	2015.006.30448	Windows and macOS	2	Windows macOS
Acrobat Reader DC	Classic 2015	2015.006.30448	Windows and macOS	2	Windows macOS

Note:

As noted in this previous announcement, support for Adobe Acrobat 11.x and Adobe Reader 11.x ended on October 15, 2017. Version 11.0.23 is the final release for Adobe Acrobat 11.x and Adobe Reader 11.x. Adobe strongly recommends that you update to the latest versions of Adobe Acrobat DC and Adobe Acrobat Reader DC. By updating installations to the latest versions, you benefit from the latest functional enhancements and improved security measures.

Vulnerability Category	Vulnerability Impact	Severity	CVE Number
Out-of-bounds write	Arbitrary Code Execution	Critical	CVE-2018-12808
Untrusted pointer dereference	Arbitrary Code Execution	Critical	CVE-2018-12799

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

Abdul Aziz Hariri of Trend Micro's Zero Day Initiative (CVE-2018-12799)
Cybellum Technologies LTD (CVE-2018-12808)

Adobe Security Bulletin

Summary

Affected Versions

Solution

Vulnerability Details

Acknowledgements

Ask the Community

Contact Us