Security Alert (A18-07-05): Multiple Vulnerabilities in Adobe Flash Player and Adobe Reader/Acrobat


 

Published on: 11 July 2018

  
  

Description:

Security updates are released for Adobe Flash Player and Adobe Reader/Acrobat to address multiple vulnerabilities.  To exploit the vulnerabilities, a remote attacker would entice a targeted user to open a specially crafted PDF file, web page, Flash file, or document with embedded malicious Flash content.

Please note that Adobe announced that the support for Adobe Flash will be ceased at the end of 2020 and no security updates will be provided after that. The support for Adobe Acrobat XI 11.x and Adobe Reader XI 11.x ended on 15.10.2017. Users should arrange migrating to other supported technology.

 

Affected Systems:

  • Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux 30.0.0.113 and earlier versions
  • Adobe Flash Player for Google Chrome 30.0.0.113 and earlier versions
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 30.0.0.113 and earlier versions
  • Adobe Acrobat/Acrobat Reader 2017 2017.011.30080 and earlier versions
  • Adobe Acrobat DC/Acrobat Reader DC Continuous 2018.011.20040 and earlier versions
  • Adobe Acrobat DC/Acrobat Reader DC Classic 2015.006.30418 and earlier versions

 

Impact:

A successful exploitation could lead to arbitrary code execution, information disclose, or elevation of privilege on an affected system.

 

Recommendation:

Upgrade Adobe Flash Player and Adobe Reader/Acrobat to the following versions to address the issues. The upgrade can be obtained by using the auto-update mechanism or by downloading at the following URLs:

  • Adobe Flash Player Desktop Runtime 30.0.0.134 for Windows and Macintosh
    https://get.adobe.com/flashplayer/
    http://www.adobe.com/products/players/flash-player-distribution.html

  • Adobe Flash Player 30.0.0.134 for Google Chrome
    https://chromereleases.googleblog.com/

  • Adobe Flash Player 30.0.0.134 for Microsoft Edge and Internet Explorer 11
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180017

  • Adobe Flash Player 30.0.0.134 for Linux
    https://get.adobe.com/flashplayer/

  • Acrobat DC (Continuous) 2018.011.20055
    http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
    http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Mac

  • Acrobat Reader DC (Continuous) 2018.011.20055
    http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
    http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Mac

  • Acrobat 2017 2017.011.30096
    http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
    http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Mac

  • Acrobat Reader DC 2017 2017.011.30096
    http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
    http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Mac

  • Acrobat Reader DC (Classic 2015) 2015.006.30434
    http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
    http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Mac

  • Acrobat DC (Classic 2015) 2015.006.30434
    http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
    http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Mac

If you have multiple browsers, you are required to perform the Adobe Flash Player upgrade for each browser, the Flash Player version can be checked at

http://www.adobe.com/software/flash/about/

 

More Information:

https://helpx.adobe.com/security/products/acrobat/apsb18-21.html
https://helpx.adobe.com/security/products/flash-player/apsb18-24.html
https://helpx.adobe.com/acrobat/kb/end-of-support-acrobat-xi-reader-xi.html
https://www.hkcert.org/my_url/en/alert/18071102
https://www.us-cert.gov/ncas/current-activity/2018/07/10/Adobe-Releases-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2018-5007 (to CVE-2018-5012)
http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2018-5014 (to CVE-2018-5070)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12754 (to CVE-2018-12758)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12760 (to CVE-2018-12768)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12770 (to CVE-2018-12774)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12779 (to CVE-2018-12798)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12803

 



Tag: Adobe , Acrobat , Acrobat Reader , Adobe Reader , Flash Player
Tags