Adobe addressed two critical vulnerabilities in the Acrobat and Reader products, a use-after-free issue and a security bypass flaw.
The flaws affect the latest versions of Acrobat DC, Acrobat Reader DC, Acrobat 2017 and Acrobat Reader DC 2017 for Windows and macOS.
“Adobe has released security updates for Adobe Acrobat and Reader for Windows and MacOS. These updates address critical vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user,” reads the security advisory published by Adobe.
The first flaw tracked as CVE-2018-16011 is a use-after-free bug that can lead to arbitrary code execution in the context of the current user. The second issue tracked as
Both flaws received a priority rating of 2 because experts at Adobe believe that their exploitation is not imminent.
Adobe credited Sebastian Apelt and Abdul Aziz Hariri for reporting CVE-2018-16011 and CVE-2018-19725, respectively.
Both experts reported the flaws via Trend Micro’s Zero Day Initiative (ZDI).
Adobe urges administrators to install the security patches within 30 days.
(SecurityAffairs – Adobe Acrobat, hacking)