On September 19, Adobe released an out-of-band security update that addressed seven vulnerabilities in Adobe Acrobat and Adobe Reader that affect both macOS and Windows. The update identified one vulnerability as critical, while the rest were classified as important. This came only days after Microsoft’s monthly Patch Tuesday, which addressed ten Adobe vulnerabilities affecting Flash Player and the ColdFusion web application development platform.
Adobe's security bulletin APSB18-34 identified CVE-2018-12848 as the most severe. If exploited, it would allow an attacker to execute arbitrary code on a victim’s computer. The other vulnerabilities on the list, rated important, could expose users to information disclosure, the unwanted exposure of valuable data.
Adobe gave the update a priority 2 rating, meaning it “resolves vulnerabilities in a product that has historically been at elevated risk.” There are currently no known exploits, but users are highly encouraged to update their software to the latest version. Acrobat DC and Acrobat Reader DC (Continuous) should be updated to version 2018.011.20063, Acrobat 2017 and Acrobat Reader DC 2017 to version 2017.011.30102, and Acrobat DC and Acrobat Reader DC (2015) to version 2015.006.30452.
Adobe acknowledged individuals and groups for help in reporting these flaws. Two important vulnerabilities on the list (CVE-2018-12778, CVE-2018-12775) were reported through Trend Micro’s Zero Day Initiative.
Mitigation and Trend Micro Solutions
The importance of patching and keeping software and systems updated can’t be overstated: the most widespread malware of 2017 used a known exploit that could have been prevented with an available patch. Users should be aware of essential updates and implement effective patching procedures to help avert critical incidents before they happen.