Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 2 vulnerabilities included in the November 2018 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the November release and deploy additional protections as necessary.
APSB18-40 – Security updates available for Adobe Acrobat and Reader.
Adobe has released security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses an important vulnerability. Successful exploitation could lead to leak of user’s hashed NTLM password.
CVE-2018-15979 – Adobe Acrobat Reader Information Disclosure Vulnerability
This vulnerability is due to an incomplete patch of embedded go-to action in a PDF file. Exploitation leads to disclosure of information that can be abused to extract hashed NTLM credentials. The vulnerability exists due to the way Acrobat Reader engine handles certain action dictionaries.
APSB18-39 – Security updates available for Flash Player.
Adobe has released security update for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address important vulnerability in Adobe Flash Player 126.96.36.199 and earlier versions. Successful exploitation could lead to information disclosure.
CVE-2018-15978 – Adobe Flash Player Out-of-bounds Read vulnerability.
This vulnerability is an instance of Out-of-bounds read vulnerability which leads to information disclosure.