Security Advisory - December 10, 2019

Zscaler protects against 12 new vulnerabilities for Adobe Reader

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 12 vulnerabilities included in the December 2019 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the December release and deploy additional protections as necessary.

APSB19-55 – Security updates available for Adobe Acrobat and Reader.

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Affected Software

Acrobat DC (Continuous) 2019.021.20056 and earlier versions for macOS
Acrobat DC (Continuous) 2019.021.20056 and earlier versions for Windows
Acrobat Reader DC (Continuous) 2019.021.20056 and earlier versions for macOS
Acrobat Reader DC (Continuous) 2019.021.20056 and earlier versions for Windows
Acrobat 2017 (Classic 2017) 2017.011.30152 and earlier versions for Windows
Acrobat 2017 (Classic 2017) 2017.011.30155 and earlier versions for macOS
Acrobat Reader 2017 (Classic 2017) 2017.011.30152 and earlier versions for macOS
Acrobat Reader 2017 (Classic 2017) 2017.011.30152 and earlier versions for Windows
Acrobat 2015 (Classic 2015) 2015.006.30505 and earlier versions for macOS
Acrobat 2015 (Classic 2015) 2015.006.30505 and earlier versions for Windows
Acrobat Reader 2015 (Classic 2015) 2015.006.30505 and earlier versions for macOS
Acrobat Reader 2015 (Classic 2015) 2015.006.30505 and earlier versions for Windows

CVE-2019-16448 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Critical

CVE-2019-16457 – Out-of-Bounds Read Vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-16456 – Out-of-Bounds Read Vulnerability leading to Information disclosure.

Severity: Important

CVE-2019-16452 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Critical

CVE-2019-16452 – Buffer Error Vulnerability leading to Arbitrary Code Execution.

Severity: Critical

CVE-2019-16464 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Critical

CVE-2019-16450 – Out-of-Bounds Write Vulnerability leading to Arbitrary Code Execution.

Severity: Critical

CVE-2019-16460 – Untrusted Pointer Dereference Vulnerability leading to Arbitrary Code Execution.

Severity: Critical

CVE-2019-16449 – Out-of-Bounds Read Vulnerability leading to Information disclosure.

Severity: Important

CVE-2019-16458 – Out-of-Bounds Read Vulnerability leading to Information disclosure.

Severity: Important

CVE-2019-16454 – Out-of-Bounds Write Vulnerability leading to Arbitrary Code Execution.

Severity: Critical

CVE-2019-16445 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Critical

Zscaler named a Leader in the 2023 Gartner® Magic Quadrant™ for Security Service Edge

Your world, secured

Zscaler: A Leader in the 2023 Gartner® Magic Quadrant™ for Security Service Edge (SSE)

The Zscaler Difference

Zero Trust Fundamentals

Secure Your Users

Secure Your Workloads

Secure Your IoT and OT

Products

Solution Areas

Zero Trust Exchange Platform

Transform with Zero Trust Architecture

Secure Your Business Goals

Learn, Connect, and Get Support.

Resource Center

Events & Trainings

Security Research & Services

Tools

Community & Support

Industry & Market Solutions

About Zscaler

Partners

News & Announcements

Leadership Team

Partner Integrations

Investor Relations

Environmental, Social & Governance

Careers

Press Center

Compliance

Zenith Ventures

Security Advisory - December 10, 2019

Zscaler protects against 12 new vulnerabilities for Adobe Reader