Unit 42 Vulnerability Research October 2018 Disclosures – Adobe

As part of Unit 42’s ongoing threat research, we can now disclose that Palo Alto Networks Unit 42 researchers have discovered ten vulnerabilities addressed by the Adobe Product Security Incident Response Team (PSIRT) as part of their October 2018 APSB18-30 security update release.

CVE Vulnerability Category Impact Maximum Severity Rating Researcher(s)
CVE-2018-12769 Use After Free Arbitrary Code Execution Critical Gal De Leon
CVE-2018-12832 Heap Overflow Arbitrary Code Execution Critical Gal De Leon
CVE-2018-12836 Heap Overflow Arbitrary Code Execution Critical Gal De Leon
CVE-2018-12846 Heap Overflow Arbitrary Code Execution Critical Gal De Leon
CVE-2018-15920 Use After Free Arbitrary Code Execution Critical Gal De Leon
CVE-2018-15924 Use After Free Arbitrary Code Execution Critical Hui Gao
CVE-2018-15922 Out-of-bounds read Information Disclosure Important Bo Qu and Zhibin Zhang
CVE-2018-15923 Out-of-bounds read Information Disclosure Important Bo Qu and Zhibin Zhang
CVE-2018-15925 Out-of-bounds read Information Disclosure Important Hui Gao
CVE-2018-15968 Out-of-bounds read Information Disclosure Important Hui Gao

Palo Alto Networks customers who deploy our Next-Generation Security Platform are protected from zero-day vulnerabilities such as these. Weaponized exploits for these vulnerabilities are prevented by Traps multi-layered exploit prevention capabilities. Threat prevention capabilities such as application control, IPS, and WildFire provide our customers with comprehensive protection and automatic updates against previously unknown threats.

Palo Alto Networks is a regular contributor to vulnerability research in Microsoft, Adobe, Apple, Google Android and other ecosystems. By proactively identifying these vulnerabilities, developing protections for our customers, and sharing the information with the security community, we are removing weapons used by attackers to threaten users, and compromise enterprise, government, and service provider networks.