Adobe has addressed several vulnerabilities in Acrobat DC and Acrobat Reader DC by also including one of the several vulnerabilities that can be exploited by hackers to execute malicious code.
“Adobe has released security updates for Adobe Acrobat and Reader for Windows and MacOS. These updates address critical and significant vulnerabilities. Successful exploitation could lead to random code execution in the context of the current user.” reads the security advisory.
The flaw is currently affecting the Acrobat DC and Acrobat Reader DC in Windows and Mac OS versions in 2018.0.11.20058 build. Acrobat 2017 and Acrobat Reader 2017 has also been affected by this flaw. Adobe released its Patch on Tuesday. The company has also addressed over 10 vulnerabilities in Flash Player and ColdFusion.
Are there any Critical Flaws in the Application?
There is also a serious flaw with CVE-2018-12848 which is a critical out of bounds write issue that can allow bad actors to execute malicious code on a victim’s computer. The flaw was discovered by Omri Herscovici, A research team leader at Check Point Software Technologies. The expert has also found a number of other similar vulnerabilities.
The remaining flaws are out-of-bounds read vulnerabilities (CVE-2018-12849, CVE-2018-12850, CVE-2018-12801, CVE-2018-12840, CVE-2018-12778, CVE-2018-12775) which are given a rating of medium as it could lead to customer data leaks.
Who reported the vulnerabilities?
There are some vulnerabilities reported anonymously that are reported via Trend Micro’s Zero Day Initiative. While the CVE-2018-12801 issue was discovered by Cybellum Technologies LTD. Two of the vulnerabilities titled CVE-2018-12778 and CVE-2018-12775 are reported by researchers who remained anonymous.