Adobe on Monday released security advisories for its Acrobat and Reader, and Photoshop products. These advisories address 48 vulnerabilities , with 25 of them rated critical and 23 rated important. Both the products suffer from critical vulnerabilities.
In the wild
Security researchers from Slovak antivirus vendor ESET bumped into an Adobe zero-day vulnerability when they discovered a weaponized PDF file in a public malware scanning engine. The researchers believe that the exploit was still in infancy as during discovery they found the exploit to be missing a final payload. They said the attackers were still in the process of fine-tuning their exploits. The zero-day exploit CVE-2018-4990 affects Adobe’s Acrobat/Reader PDF viewer. It can be used to run custom code within Adobe Acrobat/Reader.
Other critical vulnerabilities in the Acrobat/Reader and Photoshop products can lead to Remote Code Execution, Arbitrary Code Execution, Security Bypass and Information Disclosure.
As Adobe confirmed that the exploits exist in the wild, it’s advised to apply patches immediately and be safe.
- Photoshop CC 2018
- Photoshop CC 2017
- Acrobat DC
- Acrobat Reader DC
- Acrobat 2017
- Acrobat Reader DC 2017
- Acrobat Reader DC (Classic 2015)
- Acrobat DC (Classic 2015)
Product : Adobe Photoshop CC
CVE’s/Advisory : APSB18-17, CVE-2018-4946
Severity : Critical
Impact : Remote Code Execution
Product : Adobe Acrobat and Reader
CVE’s/Advisory : APSB18-09, CVE-2018-4946, CVE-2018-4947, CVE-2018-4948, CVE-2018-4949, CVE-2018-4950, CVE-2018-4951, CVE-2018-4952, CVE-2018-4953, CVE-2018-4954, CVE-2018-4955, CVE-2018-4956, CVE-2018-4957, CVE-2018-4958, CVE-2018-4959, CVE-2018-4960, CVE-2018-4961, CVE-2018-4962, CVE-2018-4963, CVE-2018-4964, CVE-2018-4965, CVE-2018-4966, CVE-2018-4967, CVE-2018-4968, CVE-2018-4969, CVE-2018-4970, CVE-2018-4971, CVE-2018-4972, CVE-2018-4973, CVE-2018-4974, CVE-2018-4975, CVE-2018-4976, CVE-2018-4977, CVE-2018-4978, CVE-2018-4979, CVE-2018-4980, CVE-2018-4981, CVE-2018-4982, CVE-2018-4983, CVE-2018-4984, CVE-2018-4985, CVE-2018-4986, CVE-2018-4987, CVE-2018-4988, CVE-2018-4989, CVE-2018-4990, CVE-2018-4993, CVE-2018-4994
Severity : Critical
Impact : Arbitrary Code Execution, Information Disclosure and Security Bypass