Adobe Acrobat | Breaking Cybersecurity News | The Hacker News

No, it's not a patch Tuesday. It's the third Tuesday of the month, and as The Hacker News shared an early heads-up late last week on Twitter, Adobe today finally released pre-announced out-of-band security updates to patch a total of 82 security vulnerabilities across its various products. The affected products that received security patches today include: Adobe Acrobat and Reader Adobe Experience Manager Adobe Experience Manager Forms Adobe Download Manager Out of 82 security vulnerabilities, 45 are rated critical, and all of them affect Adobe Acrobat and Reader and which, if exploited successfully, could lead to arbitrary code execution in the context of the current user. A majority of critical-rated vulnerabilities (i.e., 26) in Adobe Acrobat and Reader reside due to use-after-free, 6 due to out-of-bounds write, 4 are type confusion bugs, 4 due to untrusted pointer dereference, 3 are heap overflow bugs, one buffer overrun and one race condition issue. Ad...

Adobe today released its monthly software updates to patch a total of 87 security vulnerabilities in its Adobe Acrobat and Reader, Flash Player and Media Encoder, most of which could lead to arbitrary code execution attacks or worse. None of the flaws patched this month in Adobe products has been found exploited in the wild. Out of 87 total flaws, a whopping number of vulnerabilities (i.e., 84 in total) affect Adobe Acrobat and Reader applications alone, where 42 of them are critical and rest 42 are important in severity. Upon successful exploitation, all critical vulnerabilities in Adobe Acrobat and Reader software lead to arbitrary code execution, allowing attackers to take complete control over targeted systems. Adobe has released updated versions of Acrobat and Reader software for Windows and macOS operating systems to address these security vulnerabilities. The update for Adobe Flash Player , which will receive security patch updates until the end of 2020, comes this...

Are you using the cloud or thinking about transitioning? Undoubtedly, multi-cloud and hybrid environments offer numerous benefits for organizations. However, the cloud's flexibility, scalability, and efficiency come with significant risk — an expanded attack surface. The decentralization that comes with utilizing multi-cloud environments can also lead to limited visibility into user activity and poor access management.  Privileged accounts with access to your critical systems and sensitive data are among the most vulnerable elements in cloud setups. When mismanaged, these accounts open the doors to unauthorized access, potential malicious activity, and data breaches. That's why strong privileged access management (PAM) is indispensable. PAM plays an essential role in addressing the security challenges of complex infrastructures by enforcing strict access controls and managing the life cycle of privileged accounts. By employing PAM in hybrid and cloud environments, you're not...

Good morning readers, it's Patch Tuesday again—the day of the month when Adobe and Microsoft release security patches for their software. Adobe just released its monthly security updates to address a total of 40 security vulnerabilities in several of its products, including Flash Player, Adobe Acrobat and Reader, and Shockwave Player. According to an advisory, Adobe Acrobat and Reader applications for Microsoft Windows and Apple macOS operating systems are vulnerable to a total 21 vulnerabilities, 11 of which have been rated as critical in severity. Upon successful exploitation, all critical vulnerabilities in Adobe Acrobat and Reader software lead to arbitrary code execution, allowing attackers to take complete control over targeted systems. Remaining ten vulnerabilities in the most widely used PDF reader are all rated as important and could lead to information disclosure. If your system hasn't yet detected the availability of the new update automatically, you sh...

Welcome back! Adobe has today released its monthly security updates to address a total of 75 security vulnerabilities across its various products, 71 of which resides in Adobe Acrobat and Reader alone. February 2019 patch Tuesday updates address several critical and important vulnerabilities in Adobe Acrobat Reader DC, Adobe Coldfusion, Creative Cloud Desktop Application, and Adobe Flash Player for Windows, macOS, Linux, and Chrome OS. According to the advisory released today, 43 out of 71 vulnerabilities addressed by Adobe in Acrobat and Reader are rated as critical in severity, most of which could lead to arbitrary code execution in the context of the current user upon successful exploitation. The update also includes a permanent fix for a critical, publicly disclosed zero-day vulnerability (CVE 2019-7089) impacting Adobe Reader that could allow remote attackers to steal targeted Windows NTLM hash passwords just by tricking victims into opening a specially crafted PDF fi...

I hope you had biggest, happiest and craziest New Year celebration, but now it's time to come back at work and immediately update your systems to patch new security flaws that could exploit your computer just by opening a PDF file. Adobe has issued an out-of-band security update to patch two critical vulnerabilities in the company's Acrobat and Reader for both the Windows and macOS operating systems. Though the San Jose, California-based software company did not give details about the vulnerabilities, it did classify the security flaws as critical since they allow privilege escalation and arbitrary code execution in the context of the current user. Both the vulnerabilities were reported to Adobe by security researchers--Abdul-Aziz Hariri and Sebastian Apelt—from Trend Micro's Zero Day Initiative (ZDI). Critical Adobe Acrobat and Reader Vulnerabilities The first vulnerability, reported by Apelt and identified as CVE-2018-16011, is a use-after-free bug that can lead...

Adobe is closing out this year with its December Patch Tuesday update to address a massive number of security vulnerabilities for just its two PDF apps—more than double the number of what Microsoft patched this month for its several products. Adobe today released patches for 87 vulnerabilities affecting its Acrobat and Reader software products for both macOS and Windows operating systems, of which 39 are rated as critical and 48 important in severity. The security update comes less than a week after Adobe released patches for a critical zero-day vulnerability (CVE-2018-15982) in Flash Player that was actively being exploited in a targeted attack targeting a Russian state health care institution. The critical vulnerabilities addressed today in Acrobat and Reader include three heap-overflow bugs, five out-of-bounds write flaws, two untrusted pointer dereference issues, two buffer errors, and 24 use-after-free bugs. Upon successful exploitation, all of the above critical vulner...

Adobe has released September 2018 security patch updates for a total of 10 vulnerabilities in Flash Player and ColdFusion, six of which are rated as critical that affected ColdFusion and could allow attackers to remotely execute arbitrary code on a vulnerable server. What's the good news this month for Adobe users? This month Adobe Acrobat and Reader applications did not receive any patch update, while Adobe Flash Player has received an update for just a single privilege escalation vulnerability (CVE-2018-15967) rated as important. Secondly, Adobe said none of the security vulnerabilities patched this month were either publicly disclosed or found being actively exploited in the wild. Total 9 Security Patches for Adobe ColdFusion Adobe has addressed a total of nine security vulnerabilities in its ColdFusion web application development platform, six of which are critical, two important and one moderate. According to the advisory released by Adobe, ColdFusion contain...

Adobe has released August 2018 security patch updates for a total of 11 vulnerabilities in its products, two of which are rated as critical that affect Adobe Acrobat and Reader software. The vulnerabilities addressed in this month updates affect Adobe Flash Player, Creative Cloud Desktop Application, Adobe Experience Manager, Adobe Acrobat and Reader applications. None of the security vulnerabilities patched this month were either publicly disclosed or found being actively exploited in the wild. Adobe Acrobat and Reader (Windows and macOS) Security researchers from Trend Micro's Zero Day Initiative and Cybellum Technologies have discovered and reported two critical arbitrary code execution vulnerabilities respectively in Acrobat DC and Acrobat Reader DC for Windows and macOS. According to the Adobe advisory, the flaw (CVE-2018-12808) reported by Cybellum Technologies is an out-of-bounds write flaw, whereas the bug (CVE-2018-12799) reported by Zero Day Initiative is an...

Yet another incident which showcases that you should not explicitly trust user-controlled software repositories. One of the most popular Linux distros Arch Linux has pulled as many as three user-maintained software repository AUR packages after it was found hosting malicious code. Arch Linux is an independently developed, general-purpose GNU/Linux distribution composed predominantly of free and open-source software, and supports community involvement. Besides official repositories like Arch Build System (ABS), Arch Linux users can also download software packages from several other repositories, including AUR (Arch User Repository), a community-driven repository created and managed by Arch Linux users. Since AUR packages are user-produced content, Arch maintainers always suggest Linux users to carefully check all files, especially PKGBUILD and any .install file for malicious commands. However, this AUR repository has recently been found hosting malware code in several inst...

Adobe has released security patches for a total 112 vulnerabilities in its products, most of which have a higher risk of being exploited. The vulnerabilities addressed in this month's patch Tuesday affect Adobe Flash Player, Adobe Experience Manager, Adobe Connect, Adobe Acrobat, and Reader. None of the security vulnerabilities patched this month were either publicly disclosed or found being actively exploited in the wild. Adobe Flash Player (For Desktops and Browsers) Security updates include patches for two vulnerabilities in Adobe Flash Player for various platforms and application, as listed below. One of which has been rated critical (CVE-2018-5007), and successful exploitation of this "type confusion" flaw could allow an attacker to execute arbitrary code on the targeted system in the context of the current user. This flaw was discovered and reported to Adobe by willJ of Tencent PC Manager working with Trend Micro's Zero Day Initiative. Withou...

Security researchers at Microsoft have unveiled details of two critical and important zero-day vulnerabilities that had recently been discovered after someone uploaded a malicious PDF file to VirusTotal, and get patched before being used in the wild . In late March, researchers at ESET found a malicious PDF file on VirusTotal, which they shared with the security team at Microsoft "as a potential exploit for an unknown Windows kernel vulnerability." After analyzing the malicious PDF file, the Microsoft team found that the same file includes two different zero-day exploits—one for Adobe Acrobat and Reader, and the other targeting Microsoft Windows. Since the patches for both the vulnerabilities were released in the second week of May, Microsoft released details of both the vulnerabilities today, after giving users enough time to update their vulnerable operating systems and Adobe software. According to the researchers, the malicious PDF including both the zero-days e...

Adobe has just released new versions of its Acrobat DC, Reader and Photoshop CC for Windows and macOS users that patch 48 vulnerabilities in its software. A total of 47 vulnerabilities affect Adobe Acrobat and Reader applications, and one critical remote code execution flaw has been patched in Adobe Photoshop CC. Out of 47, Adobe Acrobat and Reader affect with 24 critical vulnerabilities —categorized as Double Free, Heap Overflow, Use-after-free, Out-of-bounds write, Type Confusion, and Untrusted pointer dereference—which if exploited, could allow arbitrary code execution in the context of the targeted user. Rest of the 23 flaws, including Security Bypass, Out-of-bounds read, Memory Corruption, NTLM SSO hash theft, and HTTP POST newline injection via XFA submission, are marked as important and can lead to information disclosure or security bypass. The above-listed vulnerabilities impact the Windows and macOS versions of Acrobat DC (Consumer and Classic 2015), Acrobat Rea...

Adobe has released security updates to fix seven vulnerabilities in its Flash and Air platforms and one in its Reader and Acrobat which, according to the company, is being exploited by attackers in wild " ...in limited, isolated attacks targeting Adobe Reader users on Windows. " The vulnerabilities could allow an attacker to " take control of affected systems " marked critical by the company. A new, out-of-band patch addresses a zero-day vulnerability (CVE-2014-0546) in Adobe Reader and Acrobat that offers an attacker the possibility to bypass sandbox protection and has been leveraged in "limited, isolated attacks" against Windows users. " These updates resolve a sandbox bypass vulnerability that could be exploited to run native code with escalated privileges on Windows, " Adobe warned. The lone vulnerability in Adobe Acrobat and Reader was reported by Kaspersky Lab Global Research and Analysis Team director Costin Raiu and V...