Adobe Security Bulletin

ค้นหา

อัปเดตครั้งล่าสุดเมื่อ 21 ธ.ค. 2021

Security update available for Adobe Acrobat and Reader | APSB19-55

Bulletin ID	Date Published	Priority
APSB19-55	December 10, 2019	2

Summary

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and  important vulnerabilities.  Successful exploitation could lead to arbitrary code execution in the context of the current user.    

Affected Versions

Product	Track	Affected Versions	Platform
Acrobat DC	Continuous	2019.021.20056 and earlier versions	Windows & macOS
Acrobat Reader DC	Continuous	2019.021.20056 and earlier versions	Windows & macOS

Acrobat 2017	Classic 2017	2017.011.30152 and earlier versions	Windows
Acrobat 2017	Classic 2017	2017.011.30155 and earlier version	macOS
Acrobat Reader 2017	Classic 2017	2017.011.30152 and earlier versions	Windows & macOS

Acrobat 2015	Classic 2015	2015.006.30505 and earlier versions	Windows & macOS
Acrobat Reader 2015	Classic 2015	2015.006.30505 and earlier versions	Windows & macOS

Solution

Adobe recommends users update their software installations to the latest versions by following the instructions below.    

The latest product versions are available to end users via one of the following methods:    

Users can update their product installations manually by choosing Help > Check for Updates.     
The products will update automatically, without requiring user intervention, when updates are detected.     
The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.

For IT administrators (managed environments):     

Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/, or refer to the specific release note version for links to installers.     
Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and SSH.

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:    

Product	Track	Updated Versions	Platform	Priority Rating	Availability
Acrobat DC	Continuous	2019.021.20058	Windows and macOS	2	Windows     macOS
Acrobat Reader DC	Continuous	2019.021.20058	Windows and macOS	2	Windows macOS

Acrobat 2017	Classic 2017	2017.011.30156	Windows and macOS	2	Windows macOS
Acrobat Reader 2017	Classic 2017	2017.011.30156	Windows and macOS	2	Windows macOS

Acrobat 2015	Classic 2015	2015.006.30508	Windows and macOS	2	Windows macOS
Acrobat Reader 2015	Classic 2015	2015.006.30508	Windows and macOS	2	Windows macOS

Vulnerability Details

Vulnerability Category	Vulnerability Impact	Severity	CVE Number
Out-of-Bounds Read	Information Disclosure	Important	CVE-2019-16449 CVE-2019-16456 CVE-2019-16457 CVE-2019-16458 CVE-2019-16461 CVE-2019-16465
Out-of-Bounds Write	Arbitrary Code Execution	Critical	CVE-2019-16450 CVE-2019-16454
Use After Free	Arbitrary Code Execution	Critical	CVE-2019-16445 CVE-2019-16448 CVE-2019-16452 CVE-2019-16459 CVE-2019-16464 CVE-2019-16471
Heap Overflow	Arbitrary Code Execution	Critical	CVE-2019-16451
Buffer Error	Arbitrary Code Execution	Critical	CVE-2019-16462 CVE-2019-16470
Untrusted Pointer Dereference	Arbitrary Code Execution	Critical	CVE-2019-16446 CVE-2019-16455 CVE-2019-16460 CVE-2019-16463
Binary Planting (default folder privilege escalation)	Privilege Escalation	Important	CVE-2019-16444
Security Bypass	Arbitrary Code Execution	Critical	CVE-2019-16453

Acknowledgements

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:    

Mateusz Jurczyk of Google Project Zero & Anonymous working with Trend Micro Zero Day Initiative (CVE-2019-16451)
Honc (章哲瑜) (CVE-2019-16444)
Ke Liu of Tencent Security Xuanwu Lab. (CVE-2019-16445, CVE-2019-16449, CVE-2019-16450, CVE-2019-16454, CVE-2019-16471)
Sung Ta (@Mipu94) of SEFCOM Lab, Arizona State University (CVE-2019-16446, CVE-2019-16448)
Aleksandar Nikolic of Cisco Talos (CVE-2019-16463)
Technical support team of HTBLA Leonding (CVE-2019-16453)
Haikuo Xie of Baidu Security Lab (CVE-2019-16461)
Bit of STAR Labs (CVE-2019-16452)
Xinyu Wan and Yiwei Zhang from Renmin University of China (CVE-2019-16455, CVE-2019-16460, CVE-2019-16462)
Bo Qu of Palo Alto Networks and Heige of Knownsec 404 Security Team (CVE-2019-16456)
Zhibin Zhang of Palo Alto Networks (CVE-2019-16457)
Qi Deng, Ken Hsu of Palo Alto Networks (CVE-2019-16458)
Lexuan Sun, Hao Cai of Palo Alto Networks (CVE-2019-16459)
Yue Guan, Haozhe Zhang of Palo Alto Networks (CVE-2019-16464)
Hui Gao of Palo Alto networks (CVE-2019-16465)
Zhibin Zhang, Yue Guan of Palo Alto Networks (CVE-2019-16465)
Zhangqing and Zhiyuan Wang from cdsrc of Qihoo 360 (CVE-2019-16470)

Revisions

March 26, 2020: Added acknowledgement for CVE-2019-16471, CVE-2019-16470

.

รับความช่วยเหลือได้เร็วและง่ายกว่าเดิม

หากคุณเป็นผู้ใช้ใหม่