Consejos de seguridad de Zscaler

Aviso de seguridad - October 11, 2022

Zscaler protects against 5 new vulnerabilities for Adobe Acrobat and Reader

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 5 vulnerabilities included in the October 2022 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections, as necessary.

APSB22-46 – Security updates available for Adobe Acrobat and Reader.

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to application denial-of-service and memory leak.

Affected Software

  • Acrobat DC Continuous 22.002.20212 and earlier versions for Windows &  macOS
  • Acrobat Reader DC Continuous 22.002.20212 and earlier versions for Windows &  macOS
  • Acrobat 2020 Classic 2020 20.005.30381 and earlier versions for Windows & macOS
  • Acrobat Reader 2020 Classic 20.005.30381 and earlier versions for Windows & macOS

CVE-2022-35691 – NULL Pointer Dereference vulnerability leading to Application denial-of-service

Severity: Important

CVE-2022-38437 – Use After Free vulnerability leading to Memory leak

Severity: Important

CVE-2022-38449 – Out-of-bounds Read vulnerability leading to Memory leak

Severity: Important

CVE-2022-38450 – Stack-Based Buffer Overflow vulnerability leading to Arbitrary code execution

Severity: Critical

CVE-2022-42339 – Stack-Based Buffer Overflow vulnerability leading to Arbitrary code execution

Severity: Critical