Adobe Security Updates for Acrobat and Reader, and Photoshop

Adobe on Monday released security advisories for its Acrobat and Reader, and Photoshop products. These advisories address 48 vulnerabilities , with 25 of them rated critical and 23 rated important. Both the products suffer from critical vulnerabilities.


In the wild

Security researchers from Slovak antivirus vendor ESET bumped into an Adobe zero-day vulnerability when they discovered a weaponized PDF file in a public malware scanning engine. The researchers believe that the exploit was still in infancy as during discovery they found the exploit to be missing a final payload. They said the attackers were still in the process of fine-tuning their exploits. The zero-day exploit CVE-2018-4990 affects Adobe’s Acrobat/Reader PDF viewer. It can be used to run custom code within Adobe Acrobat/Reader.

Other critical vulnerabilities in the Acrobat/Reader and Photoshop products can lead to Remote Code Execution, Arbitrary Code Execution, Security Bypass and Information Disclosure.


As Adobe confirmed that the exploits exist in the wild, it’s advised to apply patches immediately and be safe.


Affected products:

  • Photoshop CC 2018
  • Photoshop CC 2017
  • Acrobat DC
  • Acrobat Reader DC
  • Acrobat 2017
  • Acrobat Reader DC 2017
  • Acrobat Reader DC (Classic 2015)
  • Acrobat DC (Classic 2015)

Adobe Security Bulletin summary

Product : Adobe Photoshop CC
CVE’s/AdvisoryAPSB18-17, CVE-2018-4946
Severity :  Critical
Impact : Remote Code Execution


Product : Adobe Acrobat and Reader
CVE’s/AdvisoryAPSB18-09,  CVE-2018-4946, CVE-2018-4947, CVE-2018-4948, CVE-2018-4949, CVE-2018-4950, CVE-2018-4951, CVE-2018-4952, CVE-2018-4953, CVE-2018-4954, CVE-2018-4955, CVE-2018-4956, CVE-2018-4957, CVE-2018-4958, CVE-2018-4959, CVE-2018-4960, CVE-2018-4961, CVE-2018-4962, CVE-2018-4963, CVE-2018-4964, CVE-2018-4965, CVE-2018-4966, CVE-2018-4967, CVE-2018-4968, CVE-2018-4969, CVE-2018-4970, CVE-2018-4971, CVE-2018-4972, CVE-2018-4973, CVE-2018-4974, CVE-2018-4975, CVE-2018-4976, CVE-2018-4977, CVE-2018-4978, CVE-2018-4979, CVE-2018-4980, CVE-2018-4981, CVE-2018-4982, CVE-2018-4983, CVE-2018-4984, CVE-2018-4985, CVE-2018-4986, CVE-2018-4987, CVE-2018-4988, CVE-2018-4989, CVE-2018-4990, CVE-2018-4993, CVE-2018-4994
Severity :  Critical
Impact : Arbitrary Code Execution, Information Disclosure and Security Bypass


SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.


Subscribe For More Posts Like This

Get the latest research, best practices, industry trends and cybersecurity blogs from SecPod security experts

Invalid email address
We promise not to spam you. You can unsubscribe at any time.
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments