Security Advisory - November 13, 2018

Zscaler protects against 2 new vulnerabilities for Adobe Flash Player & Acrobat Reader.

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 2 vulnerabilities included in the November 2018 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the November release and deploy additional protections as necessary.

APSB18-40 – Security updates available for Adobe Acrobat and Reader.

Adobe has released security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses an important vulnerability. Successful exploitation could lead to leak of user’s hashed NTLM password.

Severity: Important

Affected Software

Acrobat DC Continuous 2019.008.20080 and earlier versions for Windows and macOS
Acrobat Reader DC Continuous 2019.008.20080 and earlier versions for Windows and macOS
Acrobat 2017 Classic 2017 2017.011.30105 and earlier versions for Windows and macOS
Acrobat Reader 2017 Classic 2017 2017.011.30105 and earlier versions for Windows and macOS
Acrobat DC Classic 2015 2015.006.30456 and earlier versions for Windows and macOS
Acrobat Reader DC Classic 2015 2015.006.30456 and earlier versions for Windows and macOS

CVE-2018-15979 – Adobe Acrobat Reader Information Disclosure Vulnerability

This vulnerability is due to an incomplete patch of embedded go-to action in a PDF file. Exploitation leads to disclosure of information that can be abused to extract hashed NTLM credentials. The vulnerability exists due to the way Acrobat Reader engine handles certain action dictionaries.

APSB18-39 – Security updates available for Flash Player.

Adobe has released security update for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address important vulnerability in Adobe Flash Player 31.0.0.122 and earlier versions. Successful exploitation could lead to information disclosure.

Severity: Important

Affected Software

Adobe Flash Player Desktop Runtime 31.0.0.122 and earlier versions for Windows, macOS and Linux
Adobe Flash Player for Google Chrome 31.0.0.122 and earlier versions for Windows, macOS, Linux and Chrome OS
Adobe Flash Player for Microsoft Edge and Internet Explorer 11 31.0.0.122 and earlier versions for Windows 10 and 8.1

CVE-2018-15978 – Adobe Flash Player Out-of-bounds Read vulnerability.

This vulnerability is an instance of Out-of-bounds read vulnerability which leads to information disclosure.

Security Advisory - November 13, 2018

Zscaler protects against 2 new vulnerabilities for Adobe Flash Player & Acrobat Reader.

Take the first steps on your transformation journey

Ready to transform your agency?

Ready to purchase training?

Are you ready to transform your career?

Products

Solutions

Resources

Company

Careers

Blogs

Zenith Community

Privacy

Privacy Policy

GDPR and Privacy Shield Policy

California Privacy Policy

Cookies Policy

Legal / Security

Acceptable Use Policy

Patents

Vulnerability Disclosure Program

Language

English

Français

Deutsch

日本語