Security updates available for Adobe Acrobat and Reader

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Vulnerability categories:

  • Buffer Errors
  • Data leakage (sensitive)
  • Double Free
  • Integer Overflow
  • Out-of-Bounds Read
  • Security bypass Privilege Escalation
  • Out-of-Bounds Write
  • Untrusted Pointer Dereference
  • Use After Free

Adobe recommends users update their software installations to the latest versions by following the instructions below.
The latest product versions are available to end users via one of the following methods:

  • Users can update their product installations manually by choosing Help > Check for Updates.
  • The products will update automatically, without requiring user intervention, when updates are detected.
  • The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center. (Download link: https://get.adobe.com/reader/)

For IT administrators (managed environments):

  • Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/, or refer to the specific release note version for links to installers.
  • Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and SSH.

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:

Affected Versions

| Product | Track | Affected Versions | Platform |
|---|---|---|---|
| Acrobat DC | Continuous | 2019.010.20069 and earlier versions | Windows and macOS |
| Acrobat Reader DC | Continuous | 2019.010.20069 and earlier versions | Windows and macOS |
| Acrobat 2017 | Classic 2017 | 2017.011.30113 and earlier versions | Windows and macOS |
| Acrobat Reader 2017 | Classic 2017 | 2017.011.30113 and earlier versions | Windows and macOS |
| Acrobat DC | Classic 2015 | 2015.006.30464 and earlier versions | Windows and macOS |
| Acrobat Reader DC | Classic 2015 | 2015.006.30464 and earlier versions | Windows and macOS |

Vulnerability Details

| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Buffer Errors | Arbitrary Code Execution | Critical | CVE-2019-7020, CVE-2019-7085 |
| Data leakage (sensitive) | Information Disclosure | Critical | CVE-2019-7089 |
| Double Free | Arbitrary Code Execution | Critical | CVE-2019-7080 |
| Integer Overflow | Information Disclosure | Critical | CVE-2019-7030 |
| Out-of-Bounds Read | Information Disclosure | Important | CVE-2019-7021, CVE-2019-7022, CVE-2019-7023, CVE-2019-7024, CVE-2019-7028, CVE-2019-7032, CVE-2019-7033, CVE-2019-7034, CVE-2019-7035, CVE-2019-7036, CVE-2019-7038, CVE-2019-7045, CVE-2019-7047, CVE-2019-7049, CVE-2019-7053, CVE-2019-7055, CVE-2019-7056, CVE-2019-7057, CVE-2019-7058, CVE-2019-7059, CVE-2019-7063, CVE-2019-7064, CVE-2019-7065, CVE-2019-7067, CVE-2019-7071, CVE-2019-7073, CVE-2019-7074, CVE-2019-7081 |
| Security bypass | Privilege Escalation | Critical | CVE-2018-19725, CVE-2019-7041 |
| Out-of-Bounds Write | Arbitrary Code Execution | Critical | CVE-2019-7019, CVE-2019-7027, CVE-2019-7037, CVE-2019-7039, CVE-2019-7052, CVE-2019-7060, CVE-2019-7079 |
| Type Confusion | Arbitrary Code Execution | Critical | CVE-2019-7069, CVE-2019-7086, CVE-2019-7087 |
| Untrusted Pointer Dereference | Arbitrary Code Execution | Critical | CVE-2019-7042, CVE-2019-7046, CVE-2019-7051, CVE-2019-7054, CVE-2019-7066, CVE-2019-7076 |
| Use After Free | Arbitrary Code Execution | Critical | CVE-2019-7018, CVE-2019-7025, CVE-2019-7026, CVE-2019-7029, CVE-2019-7031, CVE-2019-7040, CVE-2019-7043, CVE-2019-7044, CVE-2019-7048, CVE-2019-7050, CVE-2019-7062, CVE-2019-7068, CVE-2019-7070, CVE-2019-7072, CVE-2019-7075, CVE-2019-7077, CVE-2019-7078, CVE-2019-7082, CVE-2019-7083, CVE-2019-7084 |
