DESCRIPTION:
Multiple vulnerabilities have been discovered in Adobe Acrobat and Adobe Reader. Upon successful exploitation, all critical vulnerabilities in Adobe Acrobat and Reader software lead to arbitrary code execution attacks, allowing attackers to take complete control of targeted systems.
Adobe fixed 14 critical arbitrary code execution flaws, including out-of-bounds write glitches (CVE-2019-16450, CVE-2019-16454), use after free flaws (CVE-2019-16445, CVE-2019-16448, CVE-2019-16452, CVE-2019-16459, CVE-2019-16464), untrusted pointer dereference vulnerability (CVE-2019-16446, CVE-2019-16455, CVE-2019-16460, CVE-2019-16463), a heap overflow (CVE-2019-16451), buffer error (CVE-2019-16462) and a security bypass (CVE-2019-16453).
AFFECTED RELEASES:
The Adobe Acrobat and Reader versions for Windows and macOS enlisted are affected by these vulnerabilities:
1. Continuous track versions:
•Acrobat DC Continuous track versions 2019.021.20056 and earlier versions
•Acrobat Reader DC Continuous track versions 2019.021.20056 and earlier versions
2. Classic 2017 versions:
•Acrobat 2017 Classic 2017:
-Windows:versions 2017.011.30152 and earlier versions
-macOS:versions 2017.011.30155 and earlier versions
•Acrobat Reader 2017 Classic 2017 versions 2017.011.30152 and earlier versions
3. Classic 2015 versions:
•Acrobat DC Classic 2015 versions 2015.006.30505 and earlier versions
•Acrobat Reader DC Classic 2015 versions 2015.006.30505 and earlier versions
SOLUTION:
Please confirm the current version by choosing "Help" > "About." If it is the affected version, please update to the latest releases by clicking "Check for Updates." If an update from the menu is not available, please download the latest Adobe Acrobat and Reader from the following URL:
1. Continuous track version upgrade to 2019.021.20058 at least:
•Acrobat DC:
-Windows User:https://supportdownloads.adobe.com/detail.jsp?ftpID=6813
-macOS User:https://supportdownloads.adobe.com/detail.jsp?ftpID=6819
•Acrobat Reader DC:
-Windows User:https://supportdownloads.adobe.com/detail.jsp?ftpID=6815
-macOS User:https://supportdownloads.adobe.com/detail.jsp?ftpID=6821
2. Classic 2017 versions upgrade to 2017.011.30156 at least:
•Acrobat 2017:
-Windows User:https://supportdownloads.adobe.com/detail.jsp?ftpID=6823
-macOS User:https://supportdownloads.adobe.com/detail.jsp?ftpID=6827
•Acrobat Reader 2017:
-Windows User:https://supportdownloads.adobe.com/detail.jsp?ftpID=6825
-macOS User:https://supportdownloads.adobe.com/detail.jsp?ftpID=6829
3. Classic 2015 versions upgrade to 2015.006.30508 at least:
•Acrobat 2015:
-Windows User:https://supportdownloads.adobe.com/detail.jsp?ftpID=6831
-macOS User:https://supportdownloads.adobe.com/detail.jsp?ftpID=6835
•Acrobat Reader 2015:
-Windows User:https://supportdownloads.adobe.com/detail.jsp?ftpID=6833
-macOS User:https://supportdownloads.adobe.com/detail.jsp?ftpID=6837
REFERENCE:
1. https://helpx.adobe.com/security/products/acrobat/apsb19-55.html
2. https://thehackernews.com/2019/12/adobe-software-update.html