Vulnerabilities

Unit 42 Vulnerability Research July 2018 Disclosures – Adobe

Clock Icon < 1 min read

As part of Unit 42’s ongoing threat research, we can now disclose that Palo Alto Networks Unit 42 researchers have discovered eight vulnerabilities addressed by the Adobe Product Security Incident Response Team (PSIRT) as part of their July 2018 security update release.

CVE Vulnerability Name Maximum Severity Rating Impact Researcher(s)
CVE-2018-5009 Use-after-free Critical Arbitrary Code Execution Gal De Leon
CVE-2018-5021 Out-of-bounds write Critical Arbitrary Code Execution Bo Qu
CVE-2018-5022 Out-of-bounds read Important Information Disclosure Bo Qu
CVE-2018-5023 Out-of-bounds read Important Information Disclosure Zhanglin He and Bo Qu
CVE-2018-5024 Out-of-bounds read Important Information Disclosure Zhanglin He and Bo Qu
CVE-2018-5025 Out-of-bounds read Important Information Disclosure Bo Qu
CVE-2018-5026 Out-of-bounds read Important Information Disclosure Bo Qu
CVE-2018-5066 Out-of-bounds read Important Information Disclosure Gal De Leon

Palo Alto Networks customers who deploy our Security Operating Platform are protected from zero-day vulnerabilities such as these. Weaponized exploits for these vulnerabilities are prevented by Traps multi-layered exploit prevention capabilities. Threat prevention capabilities such as application control, IPS, and WildFire provide our customers with comprehensive protection and automatic updates against previously unknown threats.
Palo Alto Networks is a regular contributor to vulnerability research in Microsoft, Adobe, Apple, Google Android and other ecosystems. By proactively identifying these vulnerabilities, developing protections for our customers, and sharing the information with the security community, we are removing weapons used by attackers to threaten users, and compromise enterprise, government, and service provider networks.

Tags

Enlarged Image