Zscaler protects against 6 new vulnerabilities for Adobe Reader.

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 6 vulnerabilities included in the May 2019 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the May release and deploy additional protections as necessary.

APSB19-18 – Security updates available for Adobe Acrobat and Reader.

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Affected Software

• Acrobat DC (Continuous) 2019.010.20100 and earlier versions for Windows and macOS
• Acrobat Reader DC (Continuous) 2019.010.20099 and earlier versions for Windows and macOS    
• Acrobat 2017 (Classic 2017) 2017.011.30140 and earlier version for Windows and macOS
• Acrobat Reader 2017 (Classic 2017) 2017.011.30138 and earlier version for Windows and macOS
• Acrobat DC (Classic 2015) 2015.006.30495 and earlier versions for Windows and macOS
• Acrobat Reader DC (Classic 2015) 2015.006.30493 and earlier versions for Windows and macOS

CVE-2019-7142 – Out-of-Bounds Read Vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-7780 – Out-of-Bounds Read Vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-7790 – Out-of-Bounds Read Vulnerability leading to Information Disclosure.

Severity: Important

CVE-2019-7779 – Security Bypass Vulnerability leading to Arbitrary Code Execution.

Severity: Critical

Subscriptions Required

• Advanced Threat Protection

CVE-2019-7791 – Use After Free Vulnerability leading to Arbitrary Code Execution.

Severity: Critical

CVE-2019-7771 – Out-of-Bounds Read Vulnerability leading to Information Disclosure.

Severity: Important