Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2019-16470: Adobe Security Bulletin

Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE
#vulnerability#mac#windows#apple#google#cisco#buffer_overflow#ssh#zero_day

Security update available for Adobe Acrobat and Reader | APSB19-55

Bulletin ID

Date Published

Priority

APSB19-55

December 10, 2019

2

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and  important vulnerabilities.  Successful exploitation could lead to arbitrary code execution in the context of the current user.

Adobe recommends users update their software installations to the latest versions by following the instructions below.

The latest product versions are available to end users via one of the following methods:

  • Users can update their product installations manually by choosing Help > Check for Updates.

  • The products will update automatically, without requiring user intervention, when updates are detected.

  • The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.

For IT administrators (managed environments):

  • Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/, or refer to the specific release note version for links to installers.

  • Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and SSH.

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:

Vulnerability Category

Vulnerability Impact

Severity

CVE Number

Out-of-Bounds Read

Information Disclosure

Important

CVE-2019-16449

CVE-2019-16456

CVE-2019-16457

CVE-2019-16458

CVE-2019-16461

CVE-2019-16465

Out-of-Bounds Write

Arbitrary Code Execution

Critical

CVE-2019-16450

CVE-2019-16454

Use After Free

Arbitrary Code Execution

Critical

CVE-2019-16445

CVE-2019-16448

CVE-2019-16452

CVE-2019-16459

CVE-2019-16464

CVE-2019-16471

Heap Overflow

Arbitrary Code Execution

Critical

CVE-2019-16451

Buffer Error

Arbitrary Code Execution

Critical

CVE-2019-16462

CVE-2019-16470

Untrusted Pointer Dereference

Arbitrary Code Execution

Critical

CVE-2019-16446

CVE-2019-16455

CVE-2019-16460

CVE-2019-16463

Binary Planting (default folder privilege escalation)

Privilege Escalation

Important

CVE-2019-16444

Security Bypass

Arbitrary Code Execution

Critical

CVE-2019-16453

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

  • Mateusz Jurczyk of Google Project Zero & Anonymous working with Trend Micro Zero Day Initiative (CVE-2019-16451)
  • Honc (章哲瑜) (CVE-2019-16444)
  • Ke Liu of Tencent Security Xuanwu Lab. (CVE-2019-16445, CVE-2019-16449, CVE-2019-16450, CVE-2019-16454, CVE-2019-16471)
  • Sung Ta (@Mipu94) of SEFCOM Lab, Arizona State University (CVE-2019-16446, CVE-2019-16448)
  • Aleksandar Nikolic of Cisco Talos (CVE-2019-16463)
  • Technical support team of HTBLA Leonding (CVE-2019-16453)
  • Haikuo Xie of Baidu Security Lab (CVE-2019-16461)
  • Bit of STAR Labs (CVE-2019-16452)
  • Xinyu Wan and Yiwei Zhang from Renmin University of China (CVE-2019-16455, CVE-2019-16460, CVE-2019-16462)
  • Bo Qu of Palo Alto Networks and Heige of Knownsec 404 Security Team (CVE-2019-16456)
  • Zhibin Zhang of Palo Alto Networks (CVE-2019-16457)
  • Qi Deng, Ken Hsu of Palo Alto Networks (CVE-2019-16458)
  • Lexuan Sun, Hao Cai of Palo Alto Networks (CVE-2019-16459)
  • Yue Guan, Haozhe Zhang of Palo Alto Networks (CVE-2019-16464)
  • Hui Gao of Palo Alto networks (CVE-2019-16465)
  • Zhibin Zhang, Yue Guan of Palo Alto Networks (CVE-2019-16465)
  • Zhangqing and Zhiyuan Wang from cdsrc of Qihoo 360 (CVE-2019-16470)

March 26, 2020: Added acknowledgement for CVE-2019-16471, CVE-2019-16470

.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907