---
licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0)
licence_link: https://creativecommons.org/licenses/by/4.0/
licence_restrictions: https://cert.europa.eu/legal-notice
licence_author: CERT-EU, The Cybersecurity Service for the European Union institutions, bodies, offices and agencies
title: 'Critical Vulnerabilities in Adobe Acrobat and Reader'
version: '1.0'
number: '2018-021'
date: 'August 16, 2018'
---

_History:_

* _16/08/2018 --- v1.0: Initial publication_

# Summary

On the 14th of August 2018, Adobe released a security bulletin addressing two critical vulnerabilities affecting Adobe Acrobat and Reader for Windows and macOS. Successful exploitation could lead to arbitrary code execution in the context of the current user and could be used in a phishing campaign. No exploit has been observed in the wild yet.

# Technical Details

The two vulnerabilities were assigned the following CVEs:

- CVE-2018-12799: Untrusted pointer dereference
- CVE-2018-12808: Out-of-bounds write

The technical details of the two vulnerabilities were not disclosed.

# Products Affected

The following products are affected.

Acrobat DC on Windows and macOS:

- 2018.011.20055 and earlier versions for the continuous track
- 2017.011.30096 and earlier versions for the classic 2017 track
- 2015.006.30434 and earlier versions for the classic 2015 track

Acrobat Reader DC on Windows and macOS:

- 2018.011.20055 and earlier versions for the continuous track
- 2017.011.30096 and earlier versions for the classic 2017 track
- 2015.006.30434 and earlier versions for the classic 2015 track

# Recommendations

Update Acrobat and Acrobat Reader to one of the following versions:

- 2018.011.20058
- 2017.011.30099
- 2015.006.30448

# References

[1]