Zscaler Security Advisories

Security Advisory - August 13, 2024

Zscaler protects against 11 new vulnerabilities for Adobe Acrobat and Reader

  1. Overview

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 11 vulnerabilities included in the August 2024 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the August release and deploy additional protections, as necessary.

APSB24-57 – Security updates available for Adobe Acrobat and Reader.

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation and memory leak. 

Affected Software

  • Acrobat DC Continuous 24.002.20991 and earlier versions for Windows & 24.002.20964 and earlier for macOS
  • Acrobat Reader DC Continuous 24.002.20991 and earlier versions for Windows & 24.002.20964 and earlier for macOS
  • Acrobat 2024 Classic 2024 24.001.30123 and earlier versions for Windows & macOS
  • Acrobat 2020 Classic 2020 20.005.30636 and earlier versions for Windows & 20.005.30635 and earlier versions for macOS
  • Acrobat Reader 2020 Classic 2020 20.005.30636 and earlier versions for Windows & 20.005.30635 and earlier versions for macOS

CVE-2024-39383 – Use After Free vulnerability leading to Arbitrary code execution. 

Severity: Critical

Subscription Required

  • Advanced Threat Protection
  • Advanced Cloud Sandbox

 

CVE-2024-39422 – Use After Free vulnerability leading to Arbitrary code execution. 

Severity: Critical

Subscription Required

  • Advanced Threat Protection
  • Advanced Cloud Sandbox

 

CVE-2024-39423 – Out-of-bounds Write vulnerability leading to Arbitrary code execution.

Severity: Critical

Subscription Required

  • Advanced Threat Protection
  • Advanced Cloud Sandbox

 

CVE-2024-39424 – Use After Free vulnerability leading to Arbitrary code execution.

Severity: Critical

Subscription Required

  • Advanced Threat Protection
  • Advanced Cloud Sandbox

 

CVE-2024-39426 – Access of Memory Location After End of Buffer vulnerability leading to Arbitrary code Execution.

Severity: Critical

Subscription Required

  • Advanced Threat Protection 
  • Advanced Cloud Sandbox

 

CVE-2024-41830 – Use After Free vulnerability leading to Arbitrary code execution.

Severity: Critical

Subscription Required

  • Advanced Threat Protection 
  • Advanced Cloud Sandbox

 

CVE-2024-41831 – Use After Free vulnerability leading to Arbitrary Code Execution.

Severity: Critical

Subscription Required

  • Advanced Threat Protection 
  • Advanced Cloud Sandbox

 

CVE-2024-41832 – Out-of-bounds Read vulnerability leading to Memory leak.

Severity: Important

Subscription Required

  • Advanced Threat Protection
  • Advanced Cloud Sandbox 

 

CVE-2024-41833 – Out-of-bounds Read vulnerability leading to Memory leak.

Severity: Important

Subscription Required

  • Advanced Threat Protection
  • Advanced Cloud Sandbox 

 

CVE-2024-41834 – Out-of-bounds Read vulnerability leading to Memory leak.

Severity: Important

Subscription Required

  • Advanced Threat Protection
  • Advanced Cloud Sandbox 

 

CVE-2024-41835 – Out-of-bounds Read vulnerability leading to Memory leak.

Severity: Important

Subscription Required

  • Advanced Threat Protection
  • Advanced Cloud Sandbox