Description:
Security updates are released for Adobe Acrobat and Reader to address multiple vulnerabilities caused by use-after-free error, double-free error, memory corruption, problems in Javascript API and directory search path problem in Adobe Download Manager. To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted PDF file, web page, Flash file, or document that supports embedded Flash content.
Affected Systems:
> Adobe Acrobat DC/Acrobat Reader DC Continuous 15.009.20077 and earlier versions
> Adobe Acrobat DC/Acrobat Reader DC Classic 15.006.30097 and earlier versions
> Adobe Acrobat/Reader XI 11.0.13 and earlier versions
Impact:
A successful attack could lead to arbitrary code execution, bypass of security restrictions or potentially take control of the affected system.
Recommendation:
Upgrade Adobe Flash Player to the following versions to address the issues. The upgrade can be obtained by using the auto-update mechanism or by downloading at the following URLs:
> Adobe Acrobat DC Continuous 15.010.20056, Classic 15.006.30119, Acrobat XI 11.0.14
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh
> Adobe Acrobat Reader DC Classic 15.006.30119, Reader XI 11.0.14
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh
> Adobe Acrobat Reader DC Continuous 15.010.20056
http://get.adobe.com/reader/
If you have multiple browsers, you are required to perform the Adobe Flash Player upgrade for each browser, the Flash Player version can be checked at http://www.adobe.com/software/flash/about/