Adobe Security Bulletin

Security update available for Adobe Acrobat and Reader | APSB19-55

Bulletin ID

Date Published

Priority

APSB19-55

December 10, 2019

2

Summary

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and  important vulnerabilities.  Successful exploitation could lead to arbitrary code execution in the context of the current user.    

Affected Versions

Product

Track

Affected Versions

Platform

Acrobat DC 

Continuous 

2019.021.20056 and earlier versions 

Windows & macOS

Acrobat Reader DC

Continuous 

 2019.021.20056 and earlier versions 

Windows & macOS

 

 

 

 

Acrobat 2017

Classic 2017

2017.011.30152 and earlier versions 

Windows 

Acrobat 2017

Classic 2017

2017.011.30155 and earlier version

macOS

Acrobat Reader 2017

Classic 2017

2017.011.30152 and earlier versions

Windows & macOS

 

 

 

 

Acrobat 2015 

Classic 2015

2015.006.30505 and earlier versions

Windows & macOS

Acrobat Reader 2015

Classic 2015

2015.006.30505 and earlier versions

Windows & macOS

Solution

Adobe recommends users update their software installations to the latest versions by following the instructions below.    

The latest product versions are available to end users via one of the following methods:    

  • Users can update their product installations manually by choosing Help > Check for Updates.     

  • The products will update automatically, without requiring user intervention, when updates are detected.      

  • The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.     

For IT administrators (managed environments):     

  • Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/, or refer to the specific release note version for links to installers.     

  • Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and SSH.     

   

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:    

Product

Track

Updated Versions

Platform

Priority Rating

Availability

Acrobat DC

Continuous

2019.021.20058

Windows and macOS

2

Windows    

macOS  

Acrobat Reader DC

Continuous

2019.021.20058

Windows and macOS

2

 

 

 

 

 

 

Acrobat 2017

Classic 2017

2017.011.30156

Windows and macOS

2

Acrobat Reader 2017

Classic 2017

2017.011.30156

Windows and macOS

2

 

 

 

 

 

 

Acrobat 2015

Classic 2015

2015.006.30508

Windows and macOS

2

Acrobat Reader 2015

Classic 2015

2015.006.30508

Windows and macOS

2

Vulnerability Details

Vulnerability Category

Vulnerability Impact

Severity

CVE Number

Out-of-Bounds Read  

Information Disclosure  

Important   

CVE-2019-16449

CVE-2019-16456

CVE-2019-16457

CVE-2019-16458

CVE-2019-16461

CVE-2019-16465

Out-of-Bounds Write 

Arbitrary Code Execution   

Critical

CVE-2019-16450

CVE-2019-16454

Use After Free   

Arbitrary Code Execution     

Critical

CVE-2019-16445

CVE-2019-16448

CVE-2019-16452

CVE-2019-16459

CVE-2019-16464

CVE-2019-16471

Heap Overflow 

Arbitrary Code Execution     

Critical

CVE-2019-16451

Buffer Error

Arbitrary Code Execution     

Critical

CVE-2019-16462

CVE-2019-16470

Untrusted Pointer Dereference

Arbitrary Code Execution 

Critical

CVE-2019-16446

CVE-2019-16455

CVE-2019-16460

CVE-2019-16463

Binary Planting (default folder privilege escalation) 

Privilege Escalation

Important 

CVE-2019-16444

Security Bypass

Arbitrary Code Execution

Critical

CVE-2019-16453

Acknowledgements

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:    

  • Mateusz Jurczyk of Google Project Zero & Anonymous working with Trend Micro Zero Day Initiative (CVE-2019-16451)
  • Honc (章哲瑜) (CVE-2019-16444) 
  • Ke Liu of Tencent Security Xuanwu Lab. (CVE-2019-16445, CVE-2019-16449, CVE-2019-16450, CVE-2019-16454, CVE-2019-16471)
  • Sung Ta (@Mipu94) of SEFCOM Lab, Arizona State University (CVE-2019-16446, CVE-2019-16448) 
  • Aleksandar Nikolic of Cisco Talos (CVE-2019-16463)
  • Technical support team of HTBLA Leonding (CVE-2019-16453) 
  • Haikuo Xie of Baidu Security Lab (CVE-2019-16461)
  • Bit of STAR Labs (CVE-2019-16452) 
  • Xinyu Wan and Yiwei Zhang from Renmin University of China (CVE-2019-16455, CVE-2019-16460, CVE-2019-16462)
  • Bo Qu of Palo Alto Networks and Heige of Knownsec 404 Security Team (CVE-2019-16456) 
  • Zhibin Zhang of Palo Alto Networks (CVE-2019-16457)
  • Qi Deng, Ken Hsu of Palo Alto Networks (CVE-2019-16458) 
  • Lexuan Sun, Hao Cai of Palo Alto Networks (CVE-2019-16459)
  • Yue Guan, Haozhe Zhang of Palo Alto Networks (CVE-2019-16464) 
  • Hui Gao of Palo Alto networks (CVE-2019-16465)
  • Zhibin Zhang, Yue Guan of Palo Alto Networks (CVE-2019-16465)
  • Zhangqing and Zhiyuan Wang from cdsrc of Qihoo 360 (CVE-2019-16470)

 

Revisions

March 26, 2020: Added acknowledgement for CVE-2019-16471, CVE-2019-16470

.

 

 Adobe

Nhận trợ giúp nhanh chóng và dễ dàng hơn

Bạn là người dùng mới?

Adobe MAX 2024

Adobe MAX
Hội thảo sáng tạo

14–16/10 Bãi biển Miami và trực tuyến

Adobe MAX

Hội thảo sáng tạo

14–16/10 Bãi biển Miami và trực tuyến

Adobe MAX 2024

Adobe MAX
Hội thảo sáng tạo

14–16/10 Bãi biển Miami và trực tuyến

Adobe MAX

Hội thảo sáng tạo

14–16/10 Bãi biển Miami và trực tuyến