Security Updates Available for Adobe Digital Editions | APSB18-27
Bulletin ID Date Published Priority
APSB18-27 October 09, 2018 3

Summary

Adobe has released a security update for Adobe Digital Editions.  This update resolves critical vulnerabilities.  Successful exploitation could lead to arbitrary code execution in the context of the current user.

Affected product versions

Product Version Platform
Adobe Digital Edition 4.5.8 and below   Windows, Macintosh and iOS  

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:

Product Version Platform Priority Availability
Adobe Digital Editions 4.5.9 Windows 3 Download Page
Macintosh 3 Download Page
iOS 3 iTunes

Note:

  • Customers can download the update from the Adobe Digital Editions download page, or utilize the product’s update mechanism when prompted.
  • For more information, please reference the release notes.

Vulnerability details

Vulnerability Category Vulnerability Impact Severity CVE Numbers
Heap overflow Arbitrary Code Execution Critical

CVE-2018-12813

CVE-2018-12814

CVE-2018-12823

Out of bounds read Information Disclosure Important

CVE-2018-12816

CVE-2018-12818

CVE-2018-12819

CVE-2018-12820

CVE-2018-12821

Use after free Arbitrary Code Execution Critical CVE-2018-12822

Acknowledgments

Adobe would like to thank Jaanus Kääp of Clarified Security for reporting these issues and for working with Adobe to help protect our customers. 

Revisions

October 10, 2018: Updated the CVE number from CVE-2018-12815 to CVE-2018-12823.