Adobe Acrobat Reader has got a security patch that will fix a new zero-day vulnerability found in the software. The update will fix 47 vulnerabilities, 24 of them are rated critical which can also lead to the remote code execution on a victim’s PC. CVE-2018-4990 is particularly is important among these updates since it was discovered by an anti-virus security researchers ESET in a malicious PDF sample uploaded to the public repo.
The flaw was located in the Windows Win32k component and was patched by Microsoft last week. A Fully Working exploit is valuable to hackers as it could provide an easy way into a victims computer. The exploit broker Zerodium pays up to $80,000 for an Adobe Reader exploit. The PDF is a popular document format which is used by many companies and individuals and not seen as being suspicious but they may have the payload (Code required to exploit the PC) embedded in the file itself.
“Even though the sample does not contain a real malicious final payload, which may suggest that it was caught during its early development stages, the author(s) demonstrated a high level of skills in vulnerability discovery and exploit writing,” the ESET researchers said in a blog post.
A total number of 5.375 vulnerabilities were reported in the first quarter of 2018. According to a new report released by Vulnerability Intelligence. “This underlines that while patching is very important, it cannot be solely relied on,” the Risk-Based Security researchers said in their report. “A modern vulnerability management approach needs to be more than just patch management, it needs to make use of detailed vulnerability intelligence to understand and prioritize mitigation actions to address the ever-changing threats.”
Within these vulnerabilities, 20% of them have been reported by bug bounty programs and more than 1 in 4 flaws don’t have a publicly documented solution.
Take your time to comment on this article.
