Zscaler Security Advisories

Security Advisory - April 12, 2022

Zscaler protects against 61 new vulnerabilities for Adobe Acrobat and Reader

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 61 vulnerabilities included in the April 2021 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the April release and deploy additional protections, as necessary.

APSB22-16 – Security updates available for Adobe Acrobat and Reader.

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical, important, and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, memory leak, security feature bypass and privilege escalation.

Affected Software

  • Acrobat DC Continuous 22.001.20085 and earlier versions for Windows
  • Acrobat Reader DC Continuous 22.001.20085 and earlier versions for Windows
  • Acrobat 2020 Classic 2020 20.005.30314 and earlier versions for Windows & 20.005.30311 for macOS
  • Acrobat Reader 2020 Classic 20.005.30311 and earlier versions for Windows & 20.005.30311 for macOS
  • Acrobat 2017 Classic 2017 17.012.30205 and earlier versions for Windows & macOS
  • Acrobat Reader 2017 Classic 2017 17.012.30205 and earlier versions for Windows & macOS

 

CVE-2022-24101 – Use After Free vulnerability leading to Memory Leak

Severity: Moderate

 

CVE-2022-24103 – Use After Free vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-24104 – Use After Free vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-27785 – Use After Free vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-24102 – Use After Free vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-27786 – Use After Free vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-27787 – Out-of-bounds Write vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-27788 – Out-of-bounds Write vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-27789 – Use After Free vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-27790 – Use After Free vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-27791 – Stack-based Buffer Overflow vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-27792 – Out-of-bounds Write vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-27793 – Out-of-bounds Write vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-27794 – Access Uninitialized Pointer vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-27795 – Use After Free vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-27796 – Use After Free vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-27797 – Use After Free vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-27798 – Out-of-bounds Write vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-27799 – Use After Free vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-27800 – Use After Free vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-27801 – Use After Free vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-27802 – Use After Free vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-28230 – Use After Free vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-28231 – Out-of-bounds Read vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-28232 – Use After Free vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-28233 – Use After Free vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-28234 – Heap-based Buffer Overflow vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-28235 – Use After Free vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-28236 – Out-of-bounds Write vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-28237 – Use After Free vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-28238 – Use After Free vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-28239 – Out-of-bounds Read vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-28240 – Use After Free vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-28241 – Out-of-bounds Read vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-28242 – Use After Free vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-28243 – Out-of-bounds Read vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2022-28244 – Violation of Secure Design Principles leading to Arbitrary code execution

Severity: Important

 

CVE-2022-28245 – Out-of-bounds Read vulnerability leading to Memory Leak

Severity: Critical

 

CVE-2022-28246 – Out-of-bounds Read vulnerability leading to Memory Leak

Severity: Important

 

CVE-2022-28248 – Out-of-bounds Read vulnerability leading to Memory Leak

Severity: Important

 

CVE-2022-28249 – Out-of-bounds Read vulnerability leading to Memory Leak

Severity: Important

 

CVE-2022-28250 – Use After Free vulnerability leading to Memory Leak

Severity: Important

 

CVE-2022-28251 – Out-of-bounds Read vulnerability leading to Memory Leak

Severity: Important

 

CVE-2022-28252 – Out-of-bounds Read vulnerability leading to Memory Leak

Severity: Important

 

CVE-2022-28253 – Out-of-bounds Read vulnerability leading to Memory Leak

Severity: Important

 

CVE-2022-28254 – Out-of-bounds Read vulnerability leading to Memory Leak

Severity: Important

 

 

CVE-2022-28255 – Out-of-bounds Read vulnerability leading to Memory Leak

Severity: Important

 

CVE-2022-28256 – Out-of-bounds Read vulnerability leading to Memory Leak

Severity: Important

 

CVE-2022-28257 – Out-of-bounds Read vulnerability leading to Memory Leak

Severity: Important

 

CVE-2022-28258 – Out-of-bounds Read vulnerability leading to Memory Leak

Severity: Important

 

CVE-2022-28259 – Out-of-bounds Read vulnerability leading to Memory Leak

Severity: Important

 

CVE-2022-28260 – Out-of-bounds Read vulnerability leading to Memory Leak

Severity: Important

 

CVE-2022-28261 – Out-of-bounds Read vulnerability leading to Memory Leak

Severity: Important

 

CVE-2022-28262 – Out-of-bounds Read vulnerability leading to Memory Leak

Severity: Important

 

CVE-2022-28263 – Out-of-bounds Read vulnerability leading to Memory Leak

Severity: Important

 

CVE-2022-28264 – Out-of-bounds Read vulnerability leading to Memory Leak

Severity: Important

 

CVE-2022-28265 – Out-of-bounds Read vulnerability leading to Memory Leak

Severity: Important

 

CVE-2022-28266 – Out-of-bounds Read vulnerability leading to Memory Leak

Severity: Important

 

CVE-2022-28267 – Out-of-bounds Read vulnerability leading to Memory Leak

Severity: Important

 

CVE-2022-28268 – Out-of-bounds Read vulnerability leading to Memory Leak

Severity: Important

 

CVE-2022-28269 – Out-of-bounds Read vulnerability leading to Memory Leak

Severity: Important