[German]Adobe has released a hotfix update for Adobe Acrobat and Adobe Reader DC to version 2019.10.20069. This is an update outside the normal update cycle that was released on January 3, 2019.
Within a Security Bulletin for Adobe Acrobat and Reader (APSB19-02), Adobe states that the hotfix addresses critical vulnerabilities. A Use after Free vulnerability (CVE-2018-16011) allows code execution. The security bypass vulnerability (CVE-2018-16018) allows privileges to be increased. Successful exploitation can result in arbitrary code execution in the context of the current user. The following versions are affected:
|Acrobat DC||Continuous||2019.010.20069||Windows and macOS||Windows|
|Acrobat Reader DC||Continuous||2019.010.20069||Windows and macOS||Windows|
|Acrobat 2017||Classic 2017||2017.011.30113||Windows and macOS||Windows|
|Acrobat Reader DC 2017||Classic 2017||2017.011.30113||Windows and macOS||Windows|
|Acrobat DC||Classic 2015||2015.006.30464||Windows and macOS||Windows|
|Acrobat Reader DC||Classic 2015||2015.006.30464||Windows and macOS||Windows|
In addition to the security fixes, the update also contains the following bug fixes:
- 4265190: When opening with XDP/XFDF file in IE, the corresponding PDF does not open in the same tab but opens in another tab/default browser
- 4265294, 4265316: File zooms out automatically in case auto fill list appears at the bottom of the page
- 4265249, 4265312: Acrobat crashing on RDS farm on startup. Crash happens because Acrobat/Reader tries to load DigSig acrodata file but is unable to access it leading to crash
- 4265274: Comment RHP opens on selecting any annot in Document view
Further information can be found on this website.
Microsoft Office Patchday (January 2, 2019)