JPCERT-AT-2018-0039
JPCERT/CC
2018-09-20(Initial)
2018-09-21(Update)
Adobe Systems Incorporated
Security Bulletin for Adobe Acrobat and Reader | APSB18-34
https://helpx.adobe.com/security/products/acrobat/apsb18-34.html
- Adobe Acrobat Reader DC Continuous (2018.011.20058) and earlier
- Adobe Acrobat Reader 2017 Classic 2017 (2017.011.30099) and earlier
- Adobe Acrobat Reader DC Classic 2015 (2015.006.30448) and earlier
- Adobe Acrobat DC Continuous (2018.011.20058) and earlier
- Adobe Acrobat 2017 Classic 2017 (2017.011.30099) and earlier
- Adobe Acrobat DC Classic 2015 (2015.006.30448) and earlier
- Adobe Acrobat Reader DC Continuous (2018.011.20063)
- Adobe Acrobat Reader 2017 Classic 2017 (2017.011.30102)
- Adobe Acrobat Reader DC Classic 2015 (2015.006.30452)
- Adobe Acrobat DC Continuous (2018.011.20063)
- Adobe Acrobat 2017 Classic 2017 (2017.011.30102)
- Adobe Acrobat DC Classic 2015 (2015.006.30452)
Acrobat will be updated by starting the product, selecting the menu"Help (H)", and then clicking "Check for Updates (U)". If an update from the menu is not available, please download the latest Adobe Reader and Acrobat from the following URL. For more information,please refer to the Adobe website.
Adobe.com - New downloads
https://supportdownloads.adobe.com/new.jsp
Adobe Systems Incorporated
Security Bulletin for Adobe Acrobat and Reader | APSB18-34
https://helpx.adobe.com/security/products/acrobat/apsb18-34.html
Adobe Systems Incorporated
Security Updates available for Adobe Acrobat and Reader (APSB18-34)
https://blogs.adobe.com/psirt/?p=1617
If you have any information regarding this alert, please contact JPCERT/CC.
2018-09-21 Updated "I. Overview"
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600 FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/
JPCERT/CC
2018-09-20(Initial)
2018-09-21(Update)
I. Overview
Multiple vulnerabilities exist in Adobe Acrobat Reader, a PDF file viewing software, and Adobe Acrobat, a PDF file creation and conversion software. As a result, an attacker may execute arbitrary code or disclose information by convincing a user to open contents leveraging the vulnerabilities. For more information, please refer to the Adobe website. In addition, as for the vulnerability (CVE-2018-12794), the reporter released the detailed information on the vulnerability.Adobe Systems Incorporated
Security Bulletin for Adobe Acrobat and Reader | APSB18-34
https://helpx.adobe.com/security/products/acrobat/apsb18-34.html
Update: September 21, 2018 Update
The vulnerability (CVE-2018-12794) was addressed in the advisory(APSB18-21) which was released in July 2018. JPCERT/CC tested the Proof-of-Concept (PoC) code which has been made public, and confirmed that the PoC code can cause an abnormal termination of Adobe Acrobat Reader DC Continuous if it is prior to Adobe Acrobat Reader DC Continuous (2018.011.20055) which was released in July 2018.
JPCERT/CC
Alert Regarding Vulnerabilities in Adobe Reader and Acrobat (APSB18-21)
https://www.jpcert.or.jp/english/at/2018/at180026.html
It is recommended to update to the latest version as soon as possible.
JPCERT/CC
Alert Regarding Vulnerabilities in Adobe Reader and Acrobat (APSB18-21)
https://www.jpcert.or.jp/english/at/2018/at180026.html
It is recommended to update to the latest version as soon as possible.
II. Affected Products
Affected products and versions are as follows:- Adobe Acrobat Reader DC Continuous (2018.011.20058) and earlier
- Adobe Acrobat Reader 2017 Classic 2017 (2017.011.30099) and earlier
- Adobe Acrobat Reader DC Classic 2015 (2015.006.30448) and earlier
- Adobe Acrobat DC Continuous (2018.011.20058) and earlier
- Adobe Acrobat 2017 Classic 2017 (2017.011.30099) and earlier
- Adobe Acrobat DC Classic 2015 (2015.006.30448) and earlier
III. Solution
Please update Adobe Reader and Acrobat to the latest version listed below.- Adobe Acrobat Reader DC Continuous (2018.011.20063)
- Adobe Acrobat Reader 2017 Classic 2017 (2017.011.30102)
- Adobe Acrobat Reader DC Classic 2015 (2015.006.30452)
- Adobe Acrobat DC Continuous (2018.011.20063)
- Adobe Acrobat 2017 Classic 2017 (2017.011.30102)
- Adobe Acrobat DC Classic 2015 (2015.006.30452)
Acrobat will be updated by starting the product, selecting the menu"Help (H)", and then clicking "Check for Updates (U)". If an update from the menu is not available, please download the latest Adobe Reader and Acrobat from the following URL. For more information,please refer to the Adobe website.
Adobe.com - New downloads
https://supportdownloads.adobe.com/new.jsp
IV. References
Adobe Systems Incorporated
Security Bulletin for Adobe Acrobat and Reader | APSB18-34
https://helpx.adobe.com/security/products/acrobat/apsb18-34.html
Adobe Systems Incorporated
Security Updates available for Adobe Acrobat and Reader (APSB18-34)
https://blogs.adobe.com/psirt/?p=1617
If you have any information regarding this alert, please contact JPCERT/CC.
Revision History
2018-09-20 First edition2018-09-21 Updated "I. Overview"
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600 FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/