Adobe releases emergency fixes for two critical Acrobat and Reader flaws

The bugs let an attacker execute arbitrary code and allowed privilege escalation via six iterations of the software

Adobe Logo

Adobe has issued emergency patches for a pair of vulnerabilities found in Acrobat and Reader that could have allowed an attacker to infect a user's device with malware and bypass admin privileges.

The developer published a security bulletin yesterday confirming it had detected the two bugs and released fixes, adding they were deemed critical because they could lead to remote code execution and privilege escalation respectively.

Advertisement - Article continues below

The first vulnerability could be exploited by lulling a user into creating a specific PDF file from which code can be executed remotely, which opened the possibility for attackers to run malicious software on a user's machine. The second bug, meanwhile, is a security bypass flaw that could lead to attackers gaining undue administrative access to devices.

They were given a category 2 priority rating, meaning they were deemed very serious but no instances of exploitation had been detected. The critical bugs were found in several iterations of Acrobat, Acrobat DC, and Acrobat Reader on both Windows and macOS.

These including Acrobat DC version and Acrobat Reader DC versions 2019.010.20064 and earlier, Acrobat 2017 and Acrobat Reader 2017 versions 2017.011.30110 and earlier. The bugs were also found on Acrobat DC and Acrobat Reader DC versions on the classic 2015 track, versions 2015.006.30461 and earlier.

Advertisement
Advertisement - Article continues below

Adobe has recommended that users update their software to the latest versions available as soon as possible, or within 30 days according to the developer's categorisation.

Advertisement - Article continues below

The company's widely-used Flash Player was found to suffer from a zero-day vulnerability in February 2018, after the South Korean Computer Emergency Response Team (KR-CERT) issued an alert, warning users of a zero-day vulnerability.

This bug, which Adobe allocated a category 1 priority rating, was said to give attackers the power to persuade users to open Microsft Office documents, web pages, and spam emails.

Featured Resources

Successful digital transformations are future ready - now

Research findings identify key ingredients to complete your transformation journey

Download now

Cyber security for accountants

3 ways to protect yourself and your clients online

Download now

The future of database administrators in the era of the autonomous database

Autonomous databases are here. So who needs database administrators anymore?

Download now

The IT expert’s guide to AI and content management

Your guide to the biggest opportunities for IT teams when it comes to AI and content management

Download now
Advertisement

Recommended

Visit/security/cyber-security/355267/zoom-hires-ex-facebook-cso-to-boost-platform-security
cyber security

Zoom hires ex-Facebook CSO Alex Stamos to boost platform security

8 Apr 2020
Visit/security/vulnerability/355236/hp-support-assistant-flaws-leave-windows-devices-open-to-attack
vulnerability

HP Support Assistant flaws leave Windows devices open to attack

6 Apr 2020
Visit/security/cyber-security/355234/safari-bug-let-hackers-access-cameras-on-iphones-and-macs
cyber security

Safari bug let hackers access cameras on iPhones and Macs

6 Apr 2020
Visit/software/video-conferencing/355229/zoom-we-moved-too-fast
video conferencing

Zoom CEO admits company "moved too fast" as privacy issues mount

6 Apr 2020

Most Popular

Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020
Visit/server-storage/servers/355254/a-critical-flaw-in-350000-microsoft-exchange-remains-unpatched
servers

A critical flaw in 350,000 Microsoft Exchange remains unpatched

7 Apr 2020
Visit/software/video-conferencing/355257/taiwan-first-country-to-ban-zoom-amid-security-concerns
video conferencing

Taiwan becomes first country to ban Zoom amid security concerns

8 Apr 2020