This post is also available in: 日本語 (Japanese)

As part of ongoing threat research, Palo Alto Networks Unit 42 threat researchers have discovered 28 new vulnerabilities addressed by the Adobe Product Security Incident Response Team (PSIRT) as part of their May Adobe Security Bulletin APSB19-18 and five Foxit Reader vulnerabilities addressed by Foxit Software as part of their recent security update releases. The Adobe vulnerabilities discovered included 19 Critical and 9 Important rated vulnerabilities.

Palo Alto Networks customers with a Threat Prevention subscription who deploy our Security Operating Platform are protected from zero-day vulnerabilities such as these. Weaponized exploits for these vulnerabilities are prevented by Traps multi-layered exploit prevention and response capabilities. Threat Prevention capabilities, such as vulnerability protection with IPS and WildFire, provide our customers with comprehensive protection and automatic updates against previously unknown threats.

Palo Alto Networks appreciates both the recognition and credit Adobe and Foxit Software have given our Unit 42 threat researchers.

Palo Alto Networks is a regular contributor to vulnerability research in Microsoft, Adobe, Apple, Google Android, and other ecosystems with more than 200 critical vulnerabilities discovered. By proactively identifying these vulnerabilities, developing protections for our customers, and sharing the information with the security community, we are removing weapons used by attackers to threaten users and compromise enterprise, government, and service provider networks.

Palo Alto Networks will also present security research findings at the upcoming, prestigious Microsoft BlueHat Shanghai 2019. Two papers were accepted titled, “Is my Container Secure? Large-Scale Empirical Study on Container Vulnerabilities” by Authors Zhaoyan Xu, Yue Guan, Cecilia Hu, Bo Qu, and Xin Ouyang. The other paper is “Advanced Lateral Movement on Container-based K8s Cluster” by Authors Tongbo Luo and Zhaoyan Xu. Additionally, Hui Gao, from Palo Alto Networks, was added to the content advisory board for BlueHat Shanghai 2019.

Adobe Vulnerabilities Credited:

CVE Vulnerability Category Impact Maximum Severity Rating Researcher(s) CVE-2019-7762 Use After Free Arbitrary Code Execution Critical Gal De Leon CVE-2019-7841 Out-of-Bounds Read Information Disclosure Important Zhibin Zhang CVE-2019-7836 Out-of-Bounds Read Information Disclosure Important Zhibin Zhang CVE-2019-7835 Use After Free Arbitrary Code Execution Critical Zhibin Zhang CVE-2019-7774 Out-of-Bounds Read Information Disclosure Important Zhibin Zhang CVE-2019-7767 Use After Free Arbitrary Code Execution Critical Zhibin Zhang CVE-2019-7773 Out-of-Bounds Read Information Disclosure Important Bo Qu CVE-2019-7766 Use After Free Arbitrary Code Execution Critical Bo Qu CVE-2019-7764 Use After Free Arbitrary Code Execution Critical Bo Qu CVE-2019-7834 Use After Free Arbitrary Code Execution Critical Qi Deng CVE-2019-7833 Use After Free Arbitrary Code Execution Critical Qi Deng CVE-2019-7832 Use After Free Arbitrary Code Execution Critical Qi Deng CVE-2019-7772 Use After Free Arbitrary Code Execution Critical Qi Deng CVE-2019-7768 Use After Free Arbitrary Code Execution Critical Qi Deng CVE-2019-7808 Use After Free Arbitrary Code Execution Critical Hui Gao CVE-2019-7807 Use After Free Arbitrary Code Execution Critical Hui Gao CVE-2019-7806 Use After Free Arbitrary Code Execution Critical Hui Gao CVE-2019-7793 Out-of-Bounds Read Information Disclosure Important Zhaoyan Xu CVE-2019-7792 Use After Free Arbitrary Code Execution Critical Zhaoyan Xu CVE-2019-7783 Use After Free Arbitrary Code Execution Critical Zhaoyan Xu CVE-2019-7782 Use After Free Arbitrary Code Execution Critical Zhanglin He CVE-2019-7781 Use After Free Arbitrary Code Execution Critical Zhanglin He CVE-2019-7778 Out-of-Bounds Read Information Disclosure Important Zhanglin He CVE-2019-7765 Use After Free Arbitrary Code Execution Critical Zhanglin He CVE-2019-7777 Out-of-Bounds Read Information Disclosure Important Taojie Wang CVE-2019-7776 Out-of-Bounds Read Information Disclosure Important Taojie Wang CVE-2019-7775 Out-of-Bounds Read Information Disclosure Important Taojie Wang CVE-2019-7763 Use After Free Arbitrary Code Execution Critical Taojie Wang

Foxit Software Vulnerabilities Credited: