
Zscaler Security Advisories

Security Advisory - January 12, 2022

Zscaler protects against 25 new vulnerabilities for Adobe Acrobat and Reader

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 25 vulnerabilities included in the January 2021 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections, as necessary.

APSB22-01 – Security updates available for Adobe Acrobat and Reader.

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical, important, and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, memory leak, application denial of service, security feature bypass and privilege escalation.

Affected Software

  • Acrobat DC Continuous 21.007.20099 and earlier versions for Windows
  • Acrobat Reader DC Continuous 21.007.20099 and earlier versions for Windows
  • Acrobat DC Continuous 21.007.20099 and earlier versions for macOS
  • Acrobat Reader DC Continuous 21.007.20099 and earlier versions for macOS
  • Acrobat 2020 Classic 2020 20.004.30017 and earlier versions for Windows & macOS
  • Acrobat Reader 2020 Classic 20.004.30017 and earlier versions for Windows & macOS
  • Acrobat 2017 Classic 2017 17.011.30204 and earlier versions for Windows & macOS
  • Acrobat Reader 2017 Classic 2017 17.011.30204 and earlier versions for Windows & macOS

CVE-2021-44701 – Use After Free vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2021-44702 – Improper Access Control vulnerability leading to Privilege escalation

Severity: Critical

 

CVE-2021-44703 – Stack-based Buffer Overflow vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2021-44704 – Use After Free vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2021-44705 – Access of Uninitialized Pointer vulnerability leading to Arbitrary code execution.

Severity: Critical

 

CVE-2021-44706 – Use After Free vulnerability leading to Arbitrary code execution.

Severity: Critical

 

CVE-2021-44707 – Out-of-bounds Write vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2021-44708 – Heap-based Buffer Overflow vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2021-44709 – Heap-based Buffer Overflow vulnerability leading to Arbitrary code execution.

Severity: Critical

 

CVE-2021-44710 – Use After Free vulnerability leading to Arbitrary code execution.

Severity: Critical

 

CVE-2021-44712 – Improper Input Validation vulnerability leading to Application denial-of-service.

Severity: Important

 

CVE-2021-44713 – Use After Free vulnerability leading to Application denial-of-service.

Severity: Important

 

CVE-2021-44714 – Violation of Secure Design Principles vulnerability leading to Security feature bypass.

Severity: Moderate

 

CVE-2021-44715 – Out-of-bounds Read vulnerability leading to Memory Leak.

Severity: Moderate

 

CVE-2021-44739 – Improper Input Validation vulnerability leading to Security feature bypass

Severity: Moderate

 

CVE-2021-44740 – NULL Pointer Dereference vulnerability leading to Application denial-of-service.

Severity: Moderate

 

CVE-2021-44741 – NULL Pointer Dereference vulnerability leading to Application denial-of-service.

Severity: Moderate

 

CVE-2021-44742 – Out-of-bounds Read vulnerability leading to Memory Leak.

Severity: Moderate

 

CVE-2021-45060 – Out-of-bounds Read vulnerability leading to Arbitrary code execution.

Severity: Critical

 

CVE-2021-45061 – Out-of-bounds Write vulnerability leading to Arbitrary code execution

Severity: Critical

 

CVE-2021-45062 – Use After Free vulnerability leading to Arbitrary code execution.

Severity: Critical

 

CVE-2021-45063 – Use After Free vulnerability leading to Privilege escalation

Severity: Moderate

 

CVE-2021-45064 – Use After Free vulnerability leading to Arbitrary code execution.

Severity: Critical

 

CVE-2021-45067 – Access of Memory Location After End of Buffer vulnerability leading to Memory Leak.

Severity: Important

 

CVE-2021-45068 – Out-of-bounds Write vulnerability leading to Arbitrary code execution

Severity: Critical