Published on: 02 October 2018
Security updates are released for Adobe Reader/Acrobat to address multiple vulnerabilities. To exploit the vulnerabilities, a remote attacker would entice a targeted user to open a specially crafted PDF file.
Please also note that the support for Adobe Acrobat XI 11.x and Adobe Reader XI 11.x ended on 15.10.2017. Users should arrange software replacement by adopting other supported products as soon as possible.
A successful exploitation could lead to arbitrary code execution, privilege escalation and information disclosure of an affected system.
Upgrade Adobe Reader/Acrobat to the following versions to address the issues.
The upgrade can be obtained by using the auto-update mechanism or by downloading at the following URLs:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Mac
https://helpx.adobe.com/security/products/acrobat/apsb18-30.html
https://helpx.adobe.com/acrobat/kb/end-of-support-acrobat-xi-reader-xi.html
https://www.hkcert.org/my_url/en/alert/18100201
https://www.us-cert.gov/ncas/current-activity/2018/10/01/Adobe-Releases-Security-Updates
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12759
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12769
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12831 (to CVE-2018-12839)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12841 (to CVE-2018-12847)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12851 (to CVE-2018-12853)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12855 (to CVE-2018-12881)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15922 (to CVE-2018-12956)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15968