Adobe released a patch after the usual monthly update in a move to quickly fix a set of severe vulnerabilities in Acrobat and Reader.
The most critical issue is an out-of-bounds write vulnerability where CVE-2018-12848 can lead to arbitrary code execution.
The bugs impact Windows and MacOS machines, Adobe officials said in an advisory.
The second set of bugs (CVE-2018-12849, CVE-2018-12850, CVE-2018-12801, CVE-2018-12840, CVE-2018-12778, and CVE-2018-12775) are out-of-bounds read issues that can all lead to information disclosure. These vulnerabilities are considered “important.”
The vulnerabilities impact Acrobat DC 2018.011.20058 and earlier, Acrobat Reader DC 2018.011.20058 and earlier, Acrobat 2017 2017.011.30099 and earlier, Acrobat Reader 2017 2017.011.30099 and earlier, Acrobat DC 2015.006.30448 and earlier, and Acrobat Reader DC 2015.006.30448 and earlier.