The version of Adobe Reader installed on the remote macOS host is a version prior to 15.006.30119 or 15.010.20056. It is, therefore, affected by multiple vulnerabilities.

  - Use-after-free vulnerability in the Doc object implementation in Adobe Reader and Acrobat before 11.0.14,     Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous     before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via unspecified     vectors, a different vulnerability than CVE-2016-0934, CVE-2016-0937, CVE-2016-0940, and CVE-2016-0941.
    (CVE-2016-0932)

  - Use-after-free vulnerability in AGM.dll in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat     Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on     Windows and OS X allows attackers to execute arbitrary code via a multiple-layer PDF document, a different     vulnerability than CVE-2016-0932, CVE-2016-0937, CVE-2016-0940, and CVE-2016-0941. (CVE-2016-0934)

  - Use-after-free vulnerability in the OCG object implementation in Adobe Reader and Acrobat before 11.0.14,     Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous     before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via unspecified     vectors, a different vulnerability than CVE-2016-0932, CVE-2016-0934, CVE-2016-0940, and CVE-2016-0941.
    (CVE-2016-0937)

  - Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC     Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows     and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability     than CVE-2016-0932, CVE-2016-0934, CVE-2016-0937, and CVE-2016-0941. (CVE-2016-0940)

  - Use-after-free vulnerability in the Search object implementation in Adobe Reader and Acrobat before     11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC     Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via     unspecified vectors, a different vulnerability than CVE-2016-0932, CVE-2016-0934, CVE-2016-0937, and     CVE-2016-0940. (CVE-2016-0941)

  - Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC     Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows     and OS X allows attackers to execute arbitrary code via a crafted ExtGState dictionary. (CVE-2016-0935)

  - Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC     Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows     and OS X allows attackers to execute arbitrary code via a crafted Graphics State dictionary.
    (CVE-2016-1111)

  - Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and     Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to     execute arbitrary code or cause a denial of service (memory corruption) via a crafted FileAttachment     annotation, a different vulnerability than CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939,     CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946. (CVE-2016-0931)

  - Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and     Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to     execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a     different vulnerability than CVE-2016-0931, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942,     CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946. (CVE-2016-0933)

  - Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and     Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to     execute arbitrary code or cause a denial of service (memory corruption) via crafted JPEG 2000 data, a     different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942,     CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946. (CVE-2016-0936)

  - The AcroForm plugin in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic     before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X     allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via     unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936,     CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946. (CVE-2016-0938)

  - Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and     Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to     execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory     corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933,     CVE-2016-0936, CVE-2016-0938, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946.
    (CVE-2016-0939)

  - Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and     Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to     execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a     different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939,     CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946. (CVE-2016-0942)

  - Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and     Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to     execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a     different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939,     CVE-2016-0942, CVE-2016-0945, and CVE-2016-0946. (CVE-2016-0944)

  - Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and     Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to     execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a     different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939,     CVE-2016-0942, CVE-2016-0944, and CVE-2016-0946. (CVE-2016-0945)

  - Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and     Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to     execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a     different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939,     CVE-2016-0942, CVE-2016-0944, and CVE-2016-0945. (CVE-2016-0946)

  - Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and     Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X mishandle the Global     object, which allows attackers to bypass JavaScript API execution restrictions via unspecified vectors.
    (CVE-2016-0943)

  - Untrusted search path vulnerability in Adobe Download Manager, as used in Adobe Reader and Acrobat before     11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC     Continuous before 15.010.20056 on Windows and OS X, allows local users to gain privileges via a crafted     resource in an unspecified directory. (CVE-2016-0947)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Adobe Reader < 15.006.30119 / 15.010.20056 Multiple Vulnerabilities (APSB16-02) (macOS)

critical Nessus Plugin ID 209468

Version 1.2

Version 1.1

Version 1.2 Oct 22, 2024, 8:01 AM Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202410220801
Version 1.1 Oct 21, 2024, 9:21 PM New Plugin Feed: 202410212121