Security bulletin for Adobe Acrobat and Reader | APSB19-18

Bulletin ID | Date Published | Priority
---|---|---
APSB19-18 | May 14, 2019 | 2

Summary
Affected Versions

Product | Track | Affected Versions | Platform
---|---|---|---
Acrobat DC | Continuous | 2019.010.20100 and earlier versions | Windows and macOS
Acrobat Reader DC | Continuous | 2019.010.20099 and earlier versions | Windows and macOS
Acrobat 2017 | Classic 2017 | 2017.011.30140 and earlier versions | Windows and macOS
Acrobat Reader 2017 | Classic 2017 | 2017.011.30138 and earlier versions | Windows and macOS
Acrobat DC | Classic 2015 | 2015.006.30495 and earlier versions | Windows and macOS
Acrobat Reader DC | Classic 2015 | 2015.006.30493 and earlier versions | Windows and macOS

Solution
Adobe recommends users update their software installations to the latest versions by following the instructions below.
The latest product versions are available to end users via one of the following methods:
- Users can update their product installations manually by choosing Help > Check for Updates.
- The products will update automatically, without requiring user intervention, when updates are detected.
- The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.
For IT administrators (managed environments):
- Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/, or refer to the specific release note version for links to installers.
- Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and SSH.
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:

Product | Track | Updated Versions | Platform | Priority Rating | Availability
---|---|---|---|---|---
Acrobat DC | Continuous | 2019.012.20034 | Windows and macOS | 2 |
Acrobat Reader DC | Continuous | 2019.012.20034 | Windows and macOS | 2 |
Acrobat 2017 | Classic 2017 | 2017.011.30142 | Windows and macOS | 2 |
Acrobat Reader DC 2017 | Classic 2017 | 2017.011.30142 | Windows and macOS | 2 |
Acrobat DC | Classic 2015 | 2015.006.30497 | Windows and macOS | 2 |
Acrobat Reader DC | Classic 2015 | 2015.006.30497 | Windows and macOS | 2 |

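
A fleet check against the affected and updated builds listed in this bulletin, as an added example (not Adobe's tooling). The inventory rows and host names are constructed, and treating a two-digit year such as "19.012.20034" as the same build as "2019.012.20034" is an assumption about how an inventory export reports the version.

```python
import re

# (product, track) -> (highest affected build, updated build), both taken from the bulletin.
# Track must come from the inventory: the bulletin lists "Acrobat DC" under two tracks.
BULLETIN = {
    ("Acrobat DC", "Continuous"): ("2019.010.20100", "2019.012.20034"),
    ("Acrobat Reader DC", "Continuous"): ("2019.010.20099", "2019.012.20034"),
    ("Acrobat 2017", "Classic 2017"): ("2017.011.30140", "2017.011.30142"),
    ("Acrobat Reader 2017", "Classic 2017"): ("2017.011.30138", "2017.011.30142"),
    ("Acrobat DC", "Classic 2015"): ("2015.006.30495", "2015.006.30497"),
    ("Acrobat Reader DC", "Classic 2015"): ("2015.006.30493", "2015.006.30497"),
}
VERSION_RE = re.compile(r"(\d{2}|\d{4})\.(\d{1,3})\.(\d{1,5})")

def parse_version(text):
    """Return (year, minor, build) as ints, or None when the string is malformed."""
    m = VERSION_RE.fullmatch(text.strip())
    if m is None:
        return None
    year, minor, build = (int(g) for g in m.groups())
    # Assumption: a two-digit year ("19.012.20034") means "2019.012.20034".
    return (year + 2000 if year < 100 else year, minor, build)

def classify(product, track, version):
    """Return 'affected', 'updated', 'unlisted', 'unknown-product' or 'bad-version'."""
    limits = BULLETIN.get((product, track))
    if limits is None:
        return "unknown-product"
    found = parse_version(version)
    if found is None:
        return "bad-version"
    affected_max, updated = (parse_version(v) for v in limits)
    if found <= affected_max:
        return "affected"
    if found >= updated:
        return "updated"
    return "unlisted"  # between the two listed builds: the bulletin does not cover it

# Constructed inventory rows: (host, product, track, reported version).
INVENTORY = [
    ("ws-001", "Acrobat DC", "Continuous", "2019.010.20100"),
    ("ws-002", "Acrobat Reader DC", "Continuous", "19.012.20034"),
    ("ws-003", "Acrobat Reader DC", "Continuous", "2019.010.20100"),
    ("mac-004", "Acrobat Reader 2017", "Classic 2017", "2017.011.30138"),
    ("ws-005", "Acrobat DC", "Classic 2015", "unknown"),
]

def needs_action(rows):
    """Hosts whose status is anything other than 'updated', with that status."""
    return [(h, s) for h, p, t, v in rows if (s := classify(p, t, v)) != "updated"]
```

Hosts reported as "unlisted" or "bad-version" need manual review rather than being counted as patched.
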
Vulnerability Details

Vulnerability Category | Vulnerability Impact | Severity | CVE Number
---|---|---|---
Out-of-Bounds Read | Information Disclosure | Important | CVE-2019-7841 CVE-2019-7836 CVE-2019-7826 CVE-2019-7813 CVE-2019-7812 CVE-2019-7811 CVE-2019-7810 CVE-2019-7803 CVE-2019-7802 CVE-2019-7801 CVE-2019-7799 CVE-2019-7798 CVE-2019-7795 CVE-2019-7794 CVE-2019-7793 CVE-2019-7790 CVE-2019-7789 CVE-2019-7787 CVE-2019-7780 CVE-2019-7778 CVE-2019-7777 CVE-2019-7776 CVE-2019-7775 CVE-2019-7774 CVE-2019-7773 CVE-2019-7771 CVE-2019-7770 CVE-2019-7769 CVE-2019-7758 CVE-2019-7145 CVE-2019-7144 CVE-2019-7143 CVE-2019-7142 CVE-2019-7141 CVE-2019-7140 CVE-2019-7966
Out-of-Bounds Write | Arbitrary Code Execution | Critical | CVE-2019-7829 CVE-2019-7825 CVE-2019-7822 CVE-2019-7818 CVE-2019-7804 CVE-2019-7800 CVE-2019-7967
Type Confusion | Arbitrary Code Execution | Critical | CVE-2019-7820
Use After Free | Arbitrary Code Execution | Critical | CVE-2019-7835 CVE-2019-7834 CVE-2019-7833 CVE-2019-7832 CVE-2019-7831 CVE-2019-7830 CVE-2019-7823 CVE-2019-7821 CVE-2019-7817 CVE-2019-7814 CVE-2019-7809 CVE-2019-7808 CVE-2019-7807 CVE-2019-7806 CVE-2019-7805 CVE-2019-7797 CVE-2019-7796 CVE-2019-7792 CVE-2019-7791 CVE-2019-7788 CVE-2019-7786 CVE-2019-7785 CVE-2019-7783 CVE-2019-7782 CVE-2019-7781 CVE-2019-7772 CVE-2019-7768 CVE-2019-7767 CVE-2019-7766 CVE-2019-7765 CVE-2019-7764 CVE-2019-7763 CVE-2019-7762 CVE-2019-7761 CVE-2019-7760 CVE-2019-7759
Heap Overflow | Arbitrary Code Execution | Critical | CVE-2019-7828 CVE-2019-7827
Buffer Error | Arbitrary Code Execution | Critical | CVE-2019-7824
Double Free | Arbitrary Code Execution | Critical | CVE-2019-7784
Security Bypass | Arbitrary Code Execution | Critical | CVE-2019-7779
Path Traversal | Information Disclosure | Important | CVE-2019-8238

Acknowledgements
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
- Xu Peng and Su Purui from TCA/SKLCS Institute of Software Chinese Academy of Sciences working with Trend Micro Zero Day Initiative (CVE-2019-7830, CVE-2019-7817)
- hungtt28 of Viettel Cyber Security working with Trend Micro Zero Day Initiative (CVE-2019-7826, CVE-2019-7820)
- Esteban Ruiz (mr_me) of Source Incite working with Trend Micro Zero Day Initiative (CVE-2019-7825, CVE-2019-7822, CVE-2019-7821)
- Anonymous working with Trend Micro Zero Day Initiative (CVE-2019-7824, CVE-2019-7823, CVE-2019-7797, CVE-2019-7759, CVE-2019-7758)
- T3rmin4t0r working with Trend Micro Zero Day Initiative (CVE-2019-7796)
- Ron Waisberg working with Trend Micro Zero Day Initiative (CVE-2019-7794)
- Xudong Shao of Qihoo360 Vulcan Team (CVE-2019-7784)
- Peternguyen working with Trend Micro Zero Day Initiative (CVE-2019-7814, CVE-2019-7760)
- Gal De Leon of Palo Alto Networks (CVE-2019-7762)
- Aleksandar Nikolic of Cisco Talos (CVE-2019-7831, CVE-2019-7761)
- hemidallt working with Trend Micro Zero Day Initiative (CVE-2019-7809)
- Ke Liu of Tencent Security Xuanwu Lab (CVE-2019-7780, CVE-2019-7779, CVE-2019-7771, CVE-2019-7770, CVE-2019-7769, CVE-2019-7811, CVE-2019-7795, CVE-2019-7789, CVE-2019-7788)
- Steven Seeley via Trend Micro's Zero Day Initiative (CVE-2019-7829, CVE-2019-7828, CVE-2019-7827, CVE-2019-7810, CVE-2019-7804, CVE-2019-7803, CVE-2019-7802, CVE-2019-7801, CVE-2019-7800, CVE-2019-7799, CVE-2019-7798, CVE-2019-7787, CVE-2019-7786, CVE-2019-7785, CVE-2019-7145, CVE-2019-7144, CVE-2019-7143, CVE-2019-7141, CVE-2019-7140)
- Wei Lei of STARLabs (CVE-2019-7142)
- @j00sean (CVE-2019-7812, CVE-2019-7791, CVE-2019-7790)
- willJ working with Trend Micro Zero Day Initiative (CVE-2019-7818)
- Zhenjie Jia from Qihoo360 Vulcan team (CVE-2019-7813)
- Zhibin Zhang of Palo Alto Networks (CVE-2019-7841, CVE-2019-7836, CVE-2019-7835, CVE-2019-7774, CVE-2019-7767)
- Bo Qu of Palo Alto Networks and Heige of Knownsec 404 Security Team (CVE-2019-7773, CVE-2019-7766, CVE-2019-7764)
- Qi Deng of Palo Alto Networks (CVE-2019-7834, CVE-2019-7833, CVE-2019-7832, CVE-2019-7772, CVE-2019-7768)
- Hui Gao of Palo Alto Networks (CVE-2019-7808, CVE-2019-7807, CVE-2019-7806)
- Zhaoyan Xu of Palo Alto Networks (CVE-2019-7793, CVE-2019-7792, CVE-2019-7783)
- Zhanglin He of Palo Alto Networks (CVE-2019-7782, CVE-2019-7781, CVE-2019-7778, CVE-2019-7765)
- Taojie Wang of Palo Alto Networks (CVE-2019-7777, CVE-2019-7776, CVE-2019-7775, CVE-2019-7763)
- An independent Security Researcher has reported this vulnerability to SSD Secure Disclosure program (CVE-2019-7805)
- Steven Seeley (mr_me) of Source Incite working with iDefense Labs (CVE-2019-7966, CVE-2019-7967)
- Kevin Stoltz from CompuPlus, Inc. (CVE-2019-8238)
Revisions
July 08, 2019: Updated Acknowledgements section
August 15, 2019: Included details about CVE-2019-7966 & CVE-2019-7967
October 23, 2019: Included details about CVE-2019-8238.