Adobe Reader security update to version 2019.10.20091

[German]Adobe has released a security update for Acrobat Reader and Acrobat DC for Windows and macOS on February 12, 2019. This security update addresses critical and important vulnerabilities in older program versions. 


Advertising

Details of the update can be found in Adobe Security Bulletin APSB19-07, where Adobe announces that security updates for Adobe Acrobat and Reader for Windows and MacOS have been released. These updates address critical and important vulnerabilities. Successful exploitation can lead to arbitrary code execution in the context of the current user. Here is the table of affected products.

Product Track Affected Versions Platform
Acrobat DC Continuous 2019.010.20069 and earlier versions Windows
Acrobat DC Continuous 2019.010.20069 and earlier versions macOS
Acrobat Reader DC Continuous 2019.010.20069 and earlier versions Windows
Acrobat Reader DC Continuous 2019.010.20069 and earlier versions macOS
       
Acrobat 2017 Classic 2017 2017.011.30113 and earlier version Windows
Acrobat 2017 Classic 2017 2017.011.30113 and earlier version macOS
Acrobat Reader 2017 Classic 2017 2017.011.30113 and earlier version Windows
Acrobat Reader 2017 Classic 2017 2017.011.30113 and earlier version macOS
       
Acrobat DC Classic 2015 2015.006.30464 and earlier versions Windows
Acrobat DC Classic 2015 2015.006.30464 and earlier versions macOS
Acrobat Reader DC Classic 2015 2015.006.30464 and earlier versions Windows
Acrobat Reader DC Classic 2015 2015.006.30456 and earlier versions macOS

Adobe has provided updates for the affected products, which can be accessed via the links in the table below. 

Product Track Updated Versions Platform Availability
Acrobat DC Continuous 2019.010.20091 Windows and macOS

Windows
macOS

Acrobat Reader DC Continuous 2019.010.20091 Windows and macOS Windows macOS
         
Acrobat 2017 Classic 2017 2017.011.30120 Windows and macOS Windows macOS
Acrobat Reader DC 2017 Classic 2017 2017.011.30120 Windows and macOS Windows macOS
         
Acrobat DC Classic 2015 2015.006.30475 Windows and macOS Windows macOS
Acrobat Reader DC Classic 2015 2015.006.30475 Windows and macOS Windows macOS

For more information, see Adobe Security Bulletin APSB19-07. The vulnerabilities are listed in more detail in this Security Bulletin.

At Bleeping Computer you can find this article, which addresses another vulnerability. The Zero-Day, which does not yet have a CVE tracker ID, has been tested with the latest version of Adobe Acrobat Reader DC 19.010.20069, but will most likely also affect all other versions up to this version. Mitja Kolsek, CEO of ACROS Security, the company behind 0patch, writes:

This vulnerability, similar to CVE-2018-4993, the so-called Bad-PDF reported by CheckPoint in April last year, allows a remote attacker to steal user’s NTLM hash included in the SMB request. It also allows a document to “phone home”, i.e., to let the sender know that the user has viewed the document. Obviously, neither of these is desirable.

Whether this vulnerability was closed with the update to Acrobat Reader DC 2019.010.20091 is unknown to me.


Advertising


Advertising


This entry was posted in Security, Software, Update and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *