Adobe releases emergency fixes for two critical Acrobat and Reader flaws

The bugs let an attacker execute arbitrary code and allowed privilege escalation via six iterations of the software

Adobe Logo

Adobe has issued emergency patches for a pair of vulnerabilities found in Acrobat and Reader that could have allowed an attacker to infect a user's device with malware and bypass admin privileges.

The developer published a security bulletin yesterday confirming it had detected the two bugs and released fixes, adding they were deemed critical because they could lead to remote code execution and privilege escalation respectively.

The first vulnerability could be exploited by lulling a user into creating a specific PDF file from which code can be executed remotely, which opened the possibility for attackers to run malicious software on a user's machine. The second bug, meanwhile, is a security bypass flaw that could lead to attackers gaining undue administrative access to devices.

They were given a category 2 priority rating, meaning they were deemed very serious but no instances of exploitation had been detected. The critical bugs were found in several iterations of Acrobat, Acrobat DC, and Acrobat Reader on both Windows and macOS.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

These including Acrobat DC version and Acrobat Reader DC versions 2019.010.20064 and earlier, Acrobat 2017 and Acrobat Reader 2017 versions 2017.011.30110 and earlier. The bugs were also found on Acrobat DC and Acrobat Reader DC versions on the classic 2015 track, versions 2015.006.30461 and earlier.

Adobe has recommended that users update their software to the latest versions available as soon as possible, or within 30 days according to the developer's categorisation.

The company's widely-used Flash Player was found to suffer from a zero-day vulnerability in February 2018, after the South Korean Computer Emergency Response Team (KR-CERT) issued an alert, warning users of a zero-day vulnerability.

This bug, which Adobe allocated a category 1 priority rating, was said to give attackers the power to persuade users to open Microsft Office documents, web pages, and spam emails.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354577/data-protection-fines-hit-ps100m
General Data Protection Regulation (GDPR)

Data protection fines hit £100m during first 18 months of GDPR

20 Jan 2020