Adobe Releases Out-of-Band Security Bulletin for Adobe Acrobat and Reader (APSB19-02)
Adobe issued an out-of-band security bulletin which addresses two critical vulnerabilities (CVE-2018-16011, CVE-2018-16018) in Adobe Acrobat and Reader.
Background
On January 3, Adobe released a security bulletin to address two critical vulnerabilities in Adobe Acrobat and Reader for both Windows and macOS. Adobe published a prenotification for this bulletin on December 27 to give users advance warning.
Vulnerability details
The security bulletin addresses two critical vulnerabilities. The first, CVE-2018-16011, is a use after free vulnerability that could lead to arbitrary code execution. CVE-2018-16018 is a security bypass vulnerability that could allow an attacker to elevate privileges. An attacker could create and deliver a specially crafted PDF file to a vulnerable target in order to exploit these vulnerabilities. Adobe hasn’t provided any additional details about these vulnerabilities, including whether or not they have been observed in attacks in the wild.
Tenable’s Security Response Team observed that both of the CVEs listed in APSB19-02 were initially included as part of APSB18-41, Adobe’s monthly security bulletin from December 2018. However, both CVEs were removed on or before December 20, according to the last revision date in the bulletin. Additionally, Adobe revised APSB19-02 to include CVE-2018-16018 in place of the previously listed CVE-2018-19725.
Urgently required actions
Adobe has released updated versions of Adobe Acrobat DC, Adobe Acrobat Reader DC, Acrobat 2017 and Acrobat Reader DC 2017 that address these vulnerabilities. End users and IT administrators are encouraged to upgrade to these patched versions as soon as possible.
Identifying affected systems
Tenable’s plugins for APSB18-41 will be updated to reflect Adobe’s revised bulletin. Once updated, the following list of Nessus plugins to identify these specific vulnerabilities will appear here as they’re released.
Get more information
- Security Bulletin for Adobe Acrobat and Reader | APSB19-02
- Security Bulletin for Adobe Acrobat and Reader | APSB18-41
Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface. Get a free 60-day trial of Tenable.io Vulnerability Management.
관련 기사
Kinsing Malware Hides Itself as a Manual Page and Targets Cloud Servers
May 16, 2024Tenable Cloud Security Research Team has recently discovered that Kinsing malware, known for targeting Linux-based cloud infrastructures, exploits Apache Tomcat servers with new advanced stealth techniques. Explore our analysis and the indicators of compromise in this report.
Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040)
May 14, 2024Microsoft addresses 59 CVEs in its May 2024 Patch Tuesday release with one critical vulnerability and three zero-day vulnerabilities, two of which were exploited in the wild.
CVE-2024-21793, CVE-2024-26026: Proof of Concept Available for F5 BIG-IP Next Central Manager Vulnerabilities
May 9, 2024Researchers disclose multiple vulnerabilities in F5 BIG-IP Next Central Manager and provide proof-of-concept exploit code, which could lead to exposure of hashed passwords.
Cybersecurity Snapshot: CISA Warns Hospitals about Black Basta, as Tenable Study Finds Cloud-Related Breaches Pervasive
May 17, 2024Find out why healthcare organizations must beware of the Black Basta ransomware group. Meanwhile, a Tenable study found that 95% of surveyed organizations suffered a cloud-related breach, and offers insights for boosting cloud security. Plus, a Cloud Security Alliance report delves into how AI systems can create risky gaps in your cloud environment. And much more!
Kinsing Malware Hides Itself as a Manual Page and Targets Cloud Servers
May 16, 2024Tenable Cloud Security Research Team has recently discovered that Kinsing malware, known for targeting Linux-based cloud infrastructures, exploits Apache Tomcat servers with new advanced stealth techniques. Explore our analysis and the indicators of compromise in this report.
Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040)
May 14, 2024Microsoft addresses 59 CVEs in its May 2024 Patch Tuesday release with one critical vulnerability and three zero-day vulnerabilities, two of which were exploited in the wild.
- Vulnerability Management
- Vulnerability Scanning