Vulnerabilities exploited in real-world incidents... special caution required
[Boannews reporter Kim Kyung-ae] Adobe has released security updates that resolve a Type Confusion vulnerability affecting Adobe Flash Player. In particular, the vulnerabilities disclosed this time have already been exploited in real-world incidents, so applying the updates is strongly advised.
[Image: Adobe website]
An attacker can exploit these vulnerabilities to cause damage such as malware infection. The Korea Internet & Security Agency (KISA) urged that "these vulnerabilities have been exploited in real-world incidents, so users need to take special care and respond actively."
The vulnerabilities disclosed this time affect Adobe Flash Player, Adobe Photoshop CC, Adobe Connect, Adobe Acrobat and Reader, Adobe DNG Converter, Adobe InDesign, Adobe Digital Editions, Adobe Shockwave Player and Adobe Experience Manager.
First, Adobe Flash Player has five vulnerabilities: Out-of-Bounds Read vulnerabilities that can lead to remote code execution (CVE-2017-3112, CVE-2017-3114, CVE-2017-11213) and Use After Free vulnerabilities that can lead to remote code execution (CVE-2017-11215, CVE-2017-11225).
Next, Adobe Photoshop CC has two vulnerabilities: a memory corruption vulnerability that can lead to remote code execution (CVE-2017-11303) and a Use After Free vulnerability that can lead to remote code execution (CVE-2017-11304).
Adobe Connect has five vulnerabilities: a Server-Side Request Forgery (SSRF) vulnerability that allows network access controls to be bypassed (CVE-2017-11291), Reflected Cross-site Scripting vulnerabilities that can lead to information disclosure (CVE-2017-11287, CVE-2017-11288, CVE-2017-11289), and a clickjacking vulnerability that can lead to information disclosure (CVE-2017-11290).
Adobe Acrobat and Reader has as many as 62 vulnerabilities:
-Vulnerabilities caused by access to an uninitialized pointer that can lead to remote code execution (CVE-2017-16377, CVE-2017-16378)
-Use After Free vulnerabilities that can lead to remote code execution (CVE-2017-16360, CVE-2017-16388, CVE-2017-16389, CVE-2017-16390, CVE-2017-16393, CVE-2017-16398)
-Remote code execution vulnerabilities caused by accessing a buffer with an incorrect length value (CVE-2017-16381, CVE-2017-16385, CVE-2017-16392, CVE-2017-16395, CVE-2017-16396)
-Buffer over-read vulnerabilities that can lead to remote code execution (CVE-2017-16363, CVE-2017-16365, CVE-2017-16374, CVE-2017-16384, CVE-2017-16386, CVE-2017-16387)
-A buffer overflow/underflow vulnerability that can lead to remote code execution (CVE-2017-16368)
-A heap overflow vulnerability that can lead to remote code execution (CVE-2016-16383)
-Remote code execution vulnerabilities caused by insufficient validation of array index values (CVE-2017-16391, CVE-2017-16410)
-Out-of-bounds write vulnerabilities that can lead to remote code execution (CVE-2017-16407, CVE-2017-16413, CVE-2017-16415, CVE-2017-16416)
-Security feature bypass vulnerabilities that can lead to drive-by download (CVE-2017-16361, CVE-2017-16366)
-A security feature bypass vulnerability that can lead to information disclosure (CVE-2017-16369)
-A security feature bypass vulnerability that can lead to remote code execution (CVE-2017-16380)
-A Stack Exhaustion vulnerability that can lead to excessive resource consumption (CVE-2017-16419)
-Type Confusion vulnerabilities that can lead to remote code execution (CVE-2017-16367, CVE-2017-16479, CVE-2017-16406)
-Untrusted Pointer Dereference vulnerabilities that can lead to remote code execution (CVE-2017-16364, CVE-2017-16371, CVE-2017-16372, CVE-2017-16373, CVE-2017-16375, CVE-2017-16411)
The vulnerability in Adobe DNG Converter is a memory corruption vulnerability (CVE-2017-11295).
The vulnerability in Adobe InDesign [6] is a memory corruption vulnerability that can lead to remote code execution (CVE-2017-11302).
Adobe Digital Editions [7] has six vulnerabilities in total: an unsafe XXE parsing vulnerability that can lead to information disclosure (CVE-2017-11273), Out-of-bounds read vulnerabilities that can lead to memory address disclosure (CVE-2017-11297, CVE-2017-11298, CVE-2017-11299, CVE-2017-11300), and a memory corruption vulnerability that can lead to memory address disclosure (CVE-2017-11301).
The vulnerability in Adobe Shockwave Player [8] is a memory corruption vulnerability that can lead to remote code execution (CVE-2017-11294).
[Image: Korea Internet & Security Agency]
Adobe Experience Manager [9] has three vulnerabilities: a Reflected Cross-Site-Scripting vulnerability that can lead to information disclosure (CVE-2017-3109), an information disclosure vulnerability in which sensitive token information is leaked in HTTP GET requests (CVE-2017-3111), and a Cross-Site-Scripting vulnerability that can lead to information disclosure (CVE-2017-11296).
Accordingly, Adobe Flash Player users running Adobe Flash Player Desktop Runtime on Windows, Mac or Linux should update to version 27.0.0.187.
Users should visit the Adobe Flash Player Download Center (https://get.adobe.com/flashplayer/) to install the latest version, or upgrade through automatic update. Google Chrome installations that include Adobe Flash Player should apply the latest version through automatic update. In addition, users who have Adobe Flash Player installed for Microsoft Edge or Internet Explorer 11 on Windows 10 and Windows 8.1 should make sure the latest update is applied automatically.
Adobe Photoshop CC users on Windows and Mac should update to Adobe Photoshop CC 2018 version 19.0 (2018.0) or Adobe Photoshop CC 2017 version 18.1.2 (2017.1.2).
Adobe Connect users on Windows should update to version 9.7. See https://helpx.adobe.com/adobe-connect/release-note/adobe-connect-9-7-release-notes.html for details.
Adobe Acrobat and Reader users on Windows and Mac should update to the latest version for the software they use. They should visit the Adobe Acrobat Reader Download Center (https://get.adobe.com/kr/reader/) to install the latest version, or upgrade through automatic update.
Adobe DNG Converter users on Windows should update to version 10.0. See http://supportdownloads.adobe.com/detail.jsp?ftpID=6220 for details.
Adobe InDesign users on Windows and Mac should update to version 13.0. See https://helpx.adobe.com/indesign/release-note/indesign-cc-2018.html for details.
Adobe Digital Editions users on Windows, Mac, iOS and Android should update to version 4.5.7.
-Windows, Mac download: https://www.adobe.com/solutions/ebook/digital-editions/download.html
-iOS download: https://itunes.apple.com/us/app/adobe-digital-editions/id952977781?mt=8
-Android download: https://play.google.com/store/apps/details?id=com.adobe.digitaleditions
Adobe Shockwave users on Windows should update to version 12.3.1.201 (download: https://get.adobe.com/shockwave/).
Adobe Experience Manager users should apply the updates by referring to the links below.
Adobe Experience Manager 6.3: https://helpx.adobe.com/experience-manager/kb/aem63-available-hotfixes.html
Adobe Experience Manager 6.2: https://helpx.adobe.com/experience-manager/kb/aem62-available-hotfixes.html
Adobe Experience Manager 6.1: https://helpx.adobe.com/experience-manager/kb/aem61-available-hotfixes.html
Adobe Experience Manager 6.0: https://helpx.adobe.com/experience-manager/kb/aem60-available-hotfixes.html
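An added example, not part of the original article: a Python check that compares a software inventory against the fixed versions named above, including the case where a product was patched on two release branches (Photoshop CC 18.1.2 and 19.0). The inventory format, host names and installed versions are constructed; Acrobat/Reader and Experience Manager are left out because the article gives no single fixed version for them.

```python
# Added example: fixed versions as named in the article; two entries = two patched branches.
FIXED = {
    "flash player desktop runtime": ["27.0.0.187"],
    "photoshop cc": ["18.1.2", "19.0"],
    "connect": ["9.7"],
    "dng converter": ["10.0"],
    "indesign": ["13.0"],
    "digital editions": ["4.5.7"],
    "shockwave player": ["12.3.1.201"],
}

def parse(version):  # '27.0.0.187' -> (27, 0, 0, 187); ValueError if non-numeric
    return tuple(int(p) for p in version.strip().split("."))

def is_patched(product, installed):
    """True if `installed` is at or above the fixed build of its own branch."""
    inst = parse(installed)
    fixes = sorted(parse(v) for v in FIXED[product])
    if inst[0] > fixes[-1][0]:            # newer major than any patched branch
        return True
    for fix in fixes:
        if fix[0] == inst[0]:             # same branch: zero-pad, then compare
            n = max(len(inst), len(fix))
            return inst + (0,) * (n - len(inst)) >= fix + (0,) * (n - len(fix))
    return False                          # older branch, no fix listed

def audit(lines):  # 'host,product,version' -> (host, product, version, status)
    rows = []
    for line in lines:
        host, product, version = (f.strip() for f in line.split(","))
        key = product.lower().replace("adobe ", "", 1)
        try:
            status = "ok" if is_patched(key, version) else "update-required"
        except KeyError:
            status = "unknown-product"
        except ValueError:
            status = "unparseable-version"
        rows.append((host, product, version, status))
    return rows

# Constructed sample inventory: hypothetical hosts and installed versions.
SAMPLE = [
    "ws-01,Adobe Flash Player Desktop Runtime,27.0.0.183",
    "ws-02,Adobe Photoshop CC,18.1.2",
    "ws-03,Adobe Photoshop CC,18.1.1",
    "ws-04,Adobe Digital Editions,4.5.7.0",
    "ws-05,Adobe Connect,9.6.2",
    "ws-06,Adobe Acrobat Reader,1.2.3",
]
```

Comparing per branch matters here: a plain "at least 19.0" rule would flag a fully patched Photoshop CC 2017 (18.1.2) host as vulnerable.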
Type Confusion vulnerability: an error that occurs when the type of an object instance is confused
Use-After-Free vulnerability: a vulnerability that occurs when software continues to reference (use) dynamically or statically allocated memory even after that memory has been freed
XXE (XML External Entity): the use of an external entity in an XML document that can dynamically include a resource from an external URI
For more details, contact the Korea Internet & Security Agency Internet Incident Response Center (dial 118, no area code).
[Reference sites]
[1] https://helpx.adobe.com/security/products/flash-player/apsb17-33.html
[2] https://helpx.adobe.com/security/products/photoshop/apsb17-34.html
[3] https://helpx.adobe.com/security/products/connect/apsb17-35.html
[4] https://helpx.adobe.com/security/products/acrobat/apsb17-36.html
[5] https://helpx.adobe.com/security/products/dng-converter/apsb17-37.html
[6] https://helpx.adobe.com/security/products/indesign/apsb17-38.html
[7] https://helpx.adobe.com/security/products/Digital-Editions/apsb17-39.html
[8] https://helpx.adobe.com/security/products/shockwave/apsb17-40.html
[9] https://helpx.adobe.com/security/products/experience-manager/apsb17-41.html
[Reporter Kim Kyung-ae (boan3@boannews.com)]
<Copyright: Boannews (www.boannews.com). Unauthorized reproduction and redistribution prohibited>