SecPod

Learn Search

Search across all Learn content

← Back to Security Research
Adobe Security Updates for Acrobat and Reader, and Photoshop

Adobe Security Updates for Acrobat and Reader, and Photoshop

May 16, 2018By Rajat Mishra2 min read

Adobe on Monday released security advisories for its Acrobat and Reader, and Photoshop products. These advisories address 48 vulnerabilities , with 25 of them rated critical and 23 rated important. Both the products suffer from critical vulnerabilities.

In the wild

Security researchers from Slovak antivirus vendor ESET bumped into an Adobe zero-day vulnerability when they discovered a weaponized PDF file in a public malware scanning engine. The researchers believe that the exploit was still in infancy as during discovery they found the exploit to be missing a final payload. They said the attackers were still in the process of fine-tuning their exploits. The zero-day exploit CVE-2018-4990 affects Adobe’s Acrobat/Reader PDF viewer. It can be used to run custom code within Adobe Acrobat/Reader.

Other critical vulnerabilities in the Acrobat/Reader and Photoshop products can lead to Remote Code Execution, Arbitrary Code Execution, Security Bypass and Information Disclosure.

As Adobe confirmed that the exploits exist in the wild, it’s advised to apply patches immediately and be safe.

Affected products:

  • Photoshop CC 2018
  • Photoshop CC 2017
  • Acrobat DC
  • Acrobat Reader DC
  • Acrobat 2017
  • Acrobat Reader DC 2017
  • Acrobat Reader DC (Classic 2015)
  • Acrobat DC (Classic 2015)

Product : Adobe Photoshop CCCVE’s/AdvisoryAPSB18-17, CVE-2018-4946Severity :  CriticalImpact : Remote Code Execution

Product : Adobe Acrobat and ReaderCVE’s/AdvisoryAPSB18-09,  CVE-2018-4946, CVE-2018-4947, CVE-2018-4948, CVE-2018-4949, CVE-2018-4950, CVE-2018-4951, CVE-2018-4952, CVE-2018-4953, CVE-2018-4954, CVE-2018-4955, CVE-2018-4956, CVE-2018-4957, CVE-2018-4958, CVE-2018-4959, CVE-2018-4960, CVE-2018-4961, CVE-2018-4962, CVE-2018-4963, CVE-2018-4964, CVE-2018-4965, CVE-2018-4966, CVE-2018-4967, CVE-2018-4968, CVE-2018-4969, CVE-2018-4970, CVE-2018-4971, CVE-2018-4972, CVE-2018-4973, CVE-2018-4974, CVE-2018-4975, CVE-2018-4976, CVE-2018-4977, CVE-2018-4978, CVE-2018-4979, CVE-2018-4980, CVE-2018-4981, CVE-2018-4982, CVE-2018-4983, CVE-2018-4984, CVE-2018-4985, CVE-2018-4986, CVE-2018-4987, CVE-2018-4988, CVE-2018-4989, CVE-2018-4990, CVE-2018-4993, CVE-2018-4994Severity :  CriticalImpact : Arbitrary Code Execution, Information Disclosure and Security Bypass

SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.

Featured Posts

Open CVE-2026-31431: From 732 Bytes to Root - Anatomy of a Modern Linux Privilege Escalation

CVE-2026-31431: From 732 Bytes to Root - Anatomy of a Modern Linux Privilege Escalation

CVE Research

CVE-2026-31431: From 732 Bytes to Root - Anatomy of a Modern Linux Privilege Escalation

Jun 24, 2026

Open CVE-2026-31431: The Nine-Year Kernel Bug Hiding in Plain Sight

CVE-2026-31431: The Nine-Year Kernel Bug Hiding in Plain Sight

CVE Research

CVE-2026-31431: The Nine-Year Kernel Bug Hiding in Plain Sight

Jun 23, 2026

Open Squidbleed: A 29-Year-Old Squid Proxy Flaw That Leaks Cleartext HTTP Requests
Squidbleed: A 29-Year-Old Squid Proxy Flaw That Leaks Cleartext HTTP Requests

CVE Research

Squidbleed: A 29-Year-Old Squid Proxy Flaw That Leaks Cleartext HTTP Requests

Jun 23, 2026

Open AryStinger Malware Leverages 4,300+ Legacy Routers to Establish Persistent Spy Infrastructure
AryStinger Malware Leverages 4,300+ Legacy Routers to Establish Persistent Spy Infrastructure

CVE Research

AryStinger Malware Leverages 4,300+ Legacy Routers to Establish Persistent Spy Infrastructure

AryStinger represents a calculated shift in IoT threat methodology, abandoning noisy, destructive payloads in favor of silent, long-term reconnaissance infrastructure. By exploiting unpatched, end-of-life routers and NAS devices through decade-old vulnerabilities, the threat operator has assembled a distributed fleet of over 4,300 Executor nodes capable of conducting parallelized DNS enumeration, port scanning, and service fingerprinting at scale, all while masking origin behind residential IP addresses. With active development ongoing and a potential operational timeline stretching back to 2024, AryStinger underscores a growing and underappreciated risk: forgotten edge hardware is not merely a compliance gap but exploitable infrastructure.

Jun 23, 2026

Adobe Security Updates for Acrobat and Reader, and Photoshop | SecPod