Published on: 20 September 2018
Security updates are released for Adobe Reader/Acrobat to address multiple vulnerabilities. To exploit the vulnerabilities, a remote attacker would entice a targeted user to open a specially crafted PDF file.
Please also note that the support for Adobe Acrobat XI 11.x and Adobe Reader XI 11.x ended on 15.10.2017. Users should arrange software replacement by adopting other supported products as soon as possible.
A successful exploitation could lead to arbitrary code execution and information disclosure of an affected system.
Upgrade Adobe Reader/Acrobat to the following versions to address the issues.
The upgrade can be obtained by using the auto-update mechanism or by downloading at the following URLs:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Mac
https://helpx.adobe.com/security/products/acrobat/apsb18-34.html
https://helpx.adobe.com/acrobat/kb/end-of-support-acrobat-xi-reader-xi.html
https://www.hkcert.org/my_url/en/alert/18092001
https://www.us-cert.gov/ncas/current-activity/2018/09/19/Adobe-Releases-Security-Updates
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12775
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12778
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12801
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12848 (to CVE-2018-12850)