ESB-2018.1998 - [Win][Mac] Adobe Acrobat & Reader: Multiple vulnerabilities 2018-07-11


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1998
        Security Bulletin for Adobe Acrobat and Reader | APSB18-21
                               11 July 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Adobe Acrobat
                   Adobe Reader
Publisher:         Adobe
Operating System:  Windows
                   Mac OS
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Increased Privileges            -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-12803 CVE-2018-12802 CVE-2018-12798
                   CVE-2018-12797 CVE-2018-12796 CVE-2018-12795
                   CVE-2018-12794 CVE-2018-12793 CVE-2018-12792
                   CVE-2018-12791 CVE-2018-12790 CVE-2018-12789
                   CVE-2018-12788 CVE-2018-12787 CVE-2018-12786
                   CVE-2018-12785 CVE-2018-12784 CVE-2018-12783
                   CVE-2018-12782 CVE-2018-12781 CVE-2018-12780
                   CVE-2018-12779 CVE-2018-12777 CVE-2018-12776
                   CVE-2018-12774 CVE-2018-12773 CVE-2018-12772
                   CVE-2018-12771 CVE-2018-12770 CVE-2018-12768
                   CVE-2018-12767 CVE-2018-12766 CVE-2018-12765
                   CVE-2018-12764 CVE-2018-12763 CVE-2018-12762
                   CVE-2018-12761 CVE-2018-12760 CVE-2018-12758
                   CVE-2018-12757 CVE-2018-12756 CVE-2018-12755
                   CVE-2018-12754 CVE-2018-5070 CVE-2018-5069
                   CVE-2018-5068 CVE-2018-5067 CVE-2018-5066
                   CVE-2018-5065 CVE-2018-5064 CVE-2018-5063
                   CVE-2018-5062 CVE-2018-5061 CVE-2018-5060
                   CVE-2018-5059 CVE-2018-5058 CVE-2018-5057
                   CVE-2018-5056 CVE-2018-5055 CVE-2018-5054
                   CVE-2018-5053 CVE-2018-5052 CVE-2018-5051
                   CVE-2018-5050 CVE-2018-5049 CVE-2018-5048
                   CVE-2018-5047 CVE-2018-5046 CVE-2018-5045
                   CVE-2018-5044 CVE-2018-5043 CVE-2018-5042
                   CVE-2018-5041 CVE-2018-5040 CVE-2018-5039
                   CVE-2018-5038 CVE-2018-5037 CVE-2018-5036
                   CVE-2018-5035 CVE-2018-5034 CVE-2018-5033
                   CVE-2018-5032 CVE-2018-5031 CVE-2018-5030
                   CVE-2018-5029 CVE-2018-5028 CVE-2018-5027
                   CVE-2018-5026 CVE-2018-5025 CVE-2018-5024
                   CVE-2018-5023 CVE-2018-5022 CVE-2018-5021
                   CVE-2018-5020 CVE-2018-5019 CVE-2018-5018
                   CVE-2018-5017 CVE-2018-5016 CVE-2018-5015
                   CVE-2018-5014 CVE-2018-5012 CVE-2018-5011
                   CVE-2018-5010 CVE-2018-5009 

Original Bulletin: 
   https://helpx.adobe.com/security/products/acrobat/apsb18-21.html

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin for Adobe Acrobat and Reader | APSB18-21
+-----------------------------------------------------------------------------+
|       Bulletin ID       |         Date Published         |     Priority     |
|-------------------------+--------------------------------+------------------|
|APSB18-21                |July 10, 2018                   |2                 |
+-----------------------------------------------------------------------------+

Summary

Adobe has released security updates for Adobe Acrobat and Reader for Windows
and macOS. These updates address critical and important vulnerabilities. 
Successful exploitation could lead to arbitrary code execution in the context
of the current user.

Affected Versions

+-----------------------------------------------------------------------------+
|    Product   |  Track   |    Affected Versions     |  Platform  | Priority  |
|              |          |                          |            |  rating   |
|--------------+----------+--------------------------+------------+-----------|
|Acrobat DC    |Continuous|2018.011.20040 and earlier|Windows and |2          |
|              |          |versions                  |macOS       |           |
|--------------+----------+--------------------------+------------+-----------|
|Acrobat Reader|Continuous|2018.011.20040 and earlier|Windows and |2          |
|DC            |          |versions                  |macOS       |           |
|--------------+----------+--------------------------+------------+-----------|
|Acrobat 2017  |Classic   |2017.011.30080 and earlier|Windows and |2          |
|              |2017      |versions                  |macOS       |           |
|--------------+----------+--------------------------+------------+-----------|
|Acrobat Reader|Classic   |2017.011.30080 and earlier|Windows and |2          |
|2017          |2017      |versions                  |macOS       |           |
|--------------+----------+--------------------------+------------+-----------|
|Acrobat DC    |Classic   |2015.006.30418 and earlier|Windows and |2          |
|              |2015      |versions                  |macOS       |           |
|--------------+----------+--------------------------+------------+-----------|
|Acrobat Reader|Classic   |2015.006.30418 and earlier|Windows and |2          |
|DC            |2015      |versions                  |macOS       |           |
+-----------------------------------------------------------------------------+

For questions regarding Acrobat DC, please visit the Acrobat DC FAQ page. 

For questions regarding Acrobat Reader DC, please visit the Acrobat Reader DC
FAQ page.

Solution

Adobe recommends users update their software installations to the latest
versions by following the instructions below.
The latest product versions are available to end users via one of the following
methods:

  * Users can update their product installations manually by choosing Help >
    Check for Updates.
  * The products will update automatically, without requiring user
    intervention, when updates are detected.
  * The full Acrobat Reader installer can be downloaded from the Acrobat Reader
    Download Center.

For IT administrators (managed environments):

  * Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/, or
    refer to the specific release note version for links to installers.
  * Install updates via your preferred methodology, such as AIP-GPO,
    bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and
    SSH.

Adobe categorizes these updates with the following priority ratings and
recommends users update their installation to the newest version:

+-----------------------------------------------------------------------------+
|    Product    |  Track   |   Updated    | Platform  | Priority |Availability|
|               |          |   Versions   |           |  Rating  |            |
|---------------+----------+--------------+-----------+----------+------------|
|Acrobat DC     |Continuous|2018.011.20055|Windows and|2         |Windows     |
|               |          |              |macOS      |          |macOS       |
|---------------+----------+--------------+-----------+----------+------------|
|Acrobat Reader |Continuous|2018.011.20055|Windows    |2         |Windows     |
|DC             |          |              |and macOS  |          |macOS       |
|---------------+----------+--------------+-----------+----------+------------|
|Acrobat 2017   |Classic   |2017.011.30096|Windows    |2         |Windows     |
|               |2017      |              |and macOS  |          |macOS       |
|---------------+----------+--------------+-----------+----------+------------|
|Acrobat Reader |Classic   |2017.011.30096|Windows    |2         |Windows     |
|DC 2017        |2017      |              |and macOS  |          |macOS       |
|---------------+----------+--------------+-----------+----------+------------|
|Acrobat DC     |Classic   |2015.006.30434|Windows    |2         |Windows     |
|               |2015      |              |and macOS  |          |macOS       |
|---------------+----------+--------------+-----------+----------+------------|
|Acrobat Reader |Classic   |2015.006.30434|Windows    |2         |Windows     |
|DC             |2015      |              |and macOS  |          |macOS       |
+-----------------------------------------------------------------------------+
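
A fleet check against the updated versions in the table above, as an added
example that is not part of Adobe's or AusCERT's bulletin. The inventory CSV
layout, host names and status labels are assumptions made for illustration;
the version thresholds are copied from the table.

```python
import csv
import io

# Updated (fixed) versions per track, copied from the bulletin's table.
FIXED = {
    "continuous":   (2018, 11, 20055),
    "classic 2017": (2017, 11, 30096),
    "classic 2015": (2015, 6, 30434),
}

def parse_version(text):
    """Parse 'YYYY.MMM.BBBBB' into a tuple of ints.

    Assumption: some inventory sources report a two-digit year
    ('18.011.20040'); those are normalised to 2018 and so on.
    """
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    year, minor, build = (int(p) for p in parts)
    if 15 <= year <= 99:
        year += 2000
    return (year, minor, build)

def assess(track, version):
    """Return 'patched', 'needs-update', 'unsupported' or 'unknown'."""
    try:
        v = parse_version(version)
    except ValueError:
        return "unknown"          # never treat an unparsable value as safe
    if v[0] == 11:
        return "unsupported"      # 11.x: support ended, no fix in this bulletin
    fixed = FIXED.get(track.strip().lower())
    if fixed is None:
        return "unknown"
    # Anything below the updated version is flagged for patching.
    return "patched" if v >= fixed else "needs-update"

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE_INVENTORY = """host,product,track,version
ws-001,Acrobat Reader DC,Continuous,2018.011.20040
ws-002,Acrobat DC,Continuous,18.011.20055
mac-014,Acrobat 2017,Classic 2017,2017.011.30080
ws-077,Acrobat DC,Classic 2015,2015.006.30434
ws-103,Adobe Reader,,11.0.23
ws-200,Acrobat Reader DC,Continuous,not-reported
"""

def triage(inventory_csv):
    """List every host that is not confirmed to be on an updated version."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = assess(row["track"], row["version"])
        if status != "patched":
            findings.append((row["host"], row["version"], status))
    return findings

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE_INVENTORY):
        print(f"{host:8} {version:16} {status}")
```
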

Note:

As noted in this previous announcement, support for Adobe Acrobat 11.x and
Adobe Reader 11.x ended on October 15, 2017.  Version 11.0.23 is the final
release for Adobe Acrobat 11.x and Adobe Reader 11.x.  Adobe strongly
recommends that you update to the latest versions of Adobe Acrobat DC and Adobe
Acrobat Reader DC. By updating installations to the latest versions, you
benefit from the latest functional enhancements and improved security measures.

Vulnerability Details

+----------------------------------------------------------------------------------+
|   Vulnerability   |Vulnerability Impact|Severity |          CVE Number           |
|     Category      |                    |         |                               |
|-------------------+--------------------+---------+-------------------------------|
|Double Free        |Arbitrary Code      |Critical |CVE-2018-12782                 |
|                   |Execution           |         |                               |
|-------------------+--------------------+---------+-------------------------------|
|                   |                    |         |CVE-2018-5015, CVE-2018-5028,  |
|                   |                    |         |CVE-2018-5032, CVE-2018-5036,  |
|                   |Arbitrary Code      |         |CVE-2018-5038, CVE-2018-5040,  |
|Heap Overflow      |Execution           |Critical |CVE-2018-5041, CVE-2018-5045,  |
|                   |                    |         |CVE-2018-5052, CVE-2018-5058,  |
|                   |                    |         |CVE-2018-5067, CVE-2018-12785, |
|                   |                    |         |CVE-2018-12788, CVE-2018-12798 |
|-------------------+--------------------+---------+-------------------------------|
|                   |                    |         |CVE-2018-5009, CVE-2018-5011,  |
|                   |                    |         |CVE-2018-5065, CVE-2018-12756, |
|                   |Arbitrary Code      |         |CVE-2018-12770, CVE-2018-12772,|
|Use-after-free     |Execution           |Critical |CVE-2018-12773, CVE-2018-12776,|
|                   |                    |         |CVE-2018-12783, CVE-2018-12791,|
|                   |                    |         |CVE-2018-12792, CVE-2018-12796,|
|                   |                    |         |CVE-2018-12797                 |
|-------------------+--------------------+---------+-------------------------------|
|                   |                    |         |CVE-2018-5020, CVE-2018-5021,  |
|                   |                    |         |CVE-2018-5042, CVE-2018-5059,  |
|Out-of-bounds      |Arbitrary Code      |         |CVE-2018-5064, CVE-2018-5069,  |
|write              |Execution           |Critical |CVE-2018-5070, CVE-2018-12754, |
|                   |                    |         |CVE-2018-12755, CVE-2018-12758,|
|                   |                    |         |CVE-2018-12760, CVE-2018-12771,|
|                   |                    |         |CVE-2018-12787                 |
|-------------------+--------------------+---------+-------------------------------|
|Security Bypass    |Privilege Escalation|Critical |CVE-2018-12802                 |
|-------------------+--------------------+---------+-------------------------------|
|                   |                    |         |CVE-2018-5010, CVE-2018-12803, |
|                   |                    |         |CVE-2018-5014, CVE-2018-5016,  |
|                   |                    |         |CVE-2018-5017, CVE-2018-5018,  |
|                   |                    |         |CVE-2018-5019, CVE-2018-5022,  |
|                   |                    |         |CVE-2018-5023, CVE-2018-5024,  |
|                   |                    |         |CVE-2018-5025, CVE-2018-5026,  |
|                   |                    |         |CVE-2018-5027, CVE-2018-5029,  |
|                   |                    |         |CVE-2018-5031, CVE-2018-5033,  |
|                   |                    |         |CVE-2018-5035, CVE-2018-5039,  |
|                   |                    |         |CVE-2018-5044, CVE-2018-5046,  |
|                   |                    |         |CVE-2018-5047, CVE-2018-5048,  |
|                   |                    |         |CVE-2018-5049, CVE-2018-5050,  |
|                   |Information         |         |CVE-2018-5051, CVE-2018-5053,  |
|Out-of-bounds read |Disclosure          |Important|CVE-2018-5054, CVE-2018-5055,  |
|                   |                    |         |CVE-2018-5056, CVE-2018-5060,  |
|                   |                    |         |CVE-2018-5061, CVE-2018-5062,  |
|                   |                    |         |CVE-2018-5063, CVE-2018-5066,  |
|                   |                    |         |CVE-2018-5068, CVE-2018-12757, |
|                   |                    |         |CVE-2018-12761, CVE-2018-12762,|
|                   |                    |         |CVE-2018-12763, CVE-2018-12764,|
|                   |                    |         |CVE-2018-12765, CVE-2018-12766,|
|                   |                    |         |CVE-2018-12767, CVE-2018-12768,|
|                   |                    |         |CVE-2018-12774, CVE-2018-12777,|
|                   |                    |         |CVE-2018-12779, CVE-2018-12780,|
|                   |                    |         |CVE-2018-12781, CVE-2018-12786,|
|                   |                    |         |CVE-2018-12789, CVE-2018-12790,|
|                   |                    |         |CVE-2018-12795                 |
|-------------------+--------------------+---------+-------------------------------|
|Type Confusion     |Arbitrary Code      |Critical |CVE-2018-5057, CVE-2018-12793, |
|                   |Execution           |         |CVE-2018-12794                 |
|-------------------+--------------------+---------+-------------------------------|
|Untrusted pointer  |Arbitrary Code      |Critical |CVE-2018-5012, CVE-2018-5030   |
|dereference        |Execution           |         |                               |
|-------------------+--------------------+---------+-------------------------------|
|Buffer Errors      |Arbitrary Code      |Critical |CVE-2018-5034, CVE-2018-5037,  |
|                   |Execution           |         |CVE-2018-5043, CVE-2018-12784  |
+----------------------------------------------------------------------------------+

Acknowledgements

Adobe would like to thank the following individuals and organizations for
reporting the relevant issues and for working with Adobe to help protect our
customers:

  * Gal De Leon of Palo Alto Networks (CVE-2018-5009, CVE-2018-5066)

  * Anonymously reported via Trend Micro's Zero Day Initiative (CVE-2018-12770,
    CVE-2018-12771, CVE-2018-12772, CVE-2018-12773, CVE-2018-12774,
    CVE-2018-12776, CVE-2018-12777, CVE-2018-12779, CVE-2018-12780,
    CVE-2018-12781, CVE-2018-12783, CVE-2018-12795, CVE-2018-12797)

  * WillJ of Tencent PC Manager via Trend Micro's Zero Day Initiative
    (CVE-2018-5058, CVE-2018-5063, CVE-2018-5065)

  * Steven Seeley via Trend Micro's Zero Day Initiative (CVE-2018-5012,
    CVE-2018-5030, CVE-2018-5033, CVE-2018-5034, CVE-2018-5035, CVE-2018-5059,
    CVE-2018-5060, CVE-2018-12793, CVE-2018-12796) 

  * Ke Liu of Tencent's Xuanwu LAB working via Trend Micro's Zero Day
    Initiative (CVE-2018-12803, CVE-2018-5014, CVE-2018-5015, CVE-2018-5016,
    CVE-2018-5017, CVE-2018-5018, CVE-2018-5019, CVE-2018-5027, CVE-2018-5028,
    CVE-2018-5029, CVE-2018-5031, CVE-2018-5032, CVE-2018-5055, CVE-2018-5056,
    CVE-2018-5057)

  * Sebastian Apelt siberas via Trend Micro's Zero Day Initiative
    (CVE-2018-12794)

  * Zhiyuan Wang of Chengdu Qihoo360 Tech Co. Ltd. (CVE-2018-12758)

  * Lin Wang of Beihang University (CVE-2018-5010, CVE-2018-5020,
    CVE-2018-12760, CVE-2018-12761, CVE-2018-12762, CVE-2018-12763,
    CVE-2018-12787, CVE-2018-5067) 

  * Zhenjie Jia of Qihoo 360 Vulcan Team (CVE-2018-12757)

  * Netanel Ben Simon and Yoav Alon from Check Point Software Technologies 
    (CVE-2018-5063, CVE-2018-5064, CVE-2018-5065, CVE-2018-5068, CVE-2018-5069,
    CVE-2018-5070, CVE-2018-12754, CVE-2018-12755, CVE-2018-12764,
    CVE-2018-12765, CVE-2018-12766, CVE-2018-12767, CVE-2018-12768)

  * Aleksandar Nikolic of Cisco Talos (CVE-2018-12756)

  * Vladislav Stolyarov of Kaspersky Lab (CVE-2018-5011) 

  * Ke Liu of Tencent's Xuanwu Lab (CVE-2018-12785, CVE-2018-12786)

  * Kdot via Trend Micro's Zero Day Initiative (CVE-2018-5036, CVE-2018-5037,
    CVE-2018-5038, CVE-2018-5039, CVE-2018-5040, CVE-2018-5041, CVE-2018-5042,
    CVE-2018-5043, CVE-2018-5044, CVE-2018-5045, CVE-2018-5046, CVE-2018-5047,
    CVE-2018-5048, CVE-2018-5049, CVE-2018-5050, CVE-2018-5051, CVE-2018-5052,
    CVE-2018-5053, CVE-2018-5054, CVE-2018-5020)

  * Pengsu Cheng of Trend Micro working with Trend Micro's Zero Day Initiative
    (CVE-2018-5061, CVE-2018-5067, CVE-2018-12790, CVE-2018-5056)

  * Ron Waisberg working with Trend Micro's Zero Day Initiative (CVE-2018-5062,
    CVE-2018-12788, CVE-2018-12789) 

  * Steven Seeley (mr_me) of Source Incite working with iDefense Labs 
    (CVE-2018-12791, CVE-2018-12792, CVE-2018-5015)

  * Ashfaq Ansari and Sudhakar Verma - Project Srishti working with iDefense
    Labs (CVE-2018-12798)

  * XuPeng of TCA/SKLCS Institute of Software Chinese Academy of Sciences
    and HuangZheng of Baidu Security Lab (CVE-2018-12782)

  * Anonymously reported (CVE-2018-12784, CVE-2018-5009)

  * mr_me of Source Incite working with Trend Micro's Zero Day Initiative
    (CVE-2018-12761)

  * Zhanglin He and Bo Qu of Palo Alto Networks (CVE-2018-5023, CVE-2018-5024)

  * Bo Qu of Palo Alto Networks and Heige of Knownsec 404 Security Team
    (CVE-2018-5021, CVE-2018-5022, CVE-2018-5025, CVE-2018-5026)

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----
