Adobe Releases Out-of-Band Security Bulletin for Adobe Acrobat and Reader (APSB19-02)
Adobe issued an out-of-band security bulletin which addresses two critical vulnerabilities (CVE-2018-16011, CVE-2018-16018) in Adobe Acrobat and Reader.
Contexte
On January 3, Adobe released a security bulletin to address two critical vulnerabilities in Adobe Acrobat and Reader for both Windows and macOS. Adobe published a prenotification for this bulletin on December 27 to give users advance warning.
Vulnerability details
The security bulletin addresses two critical vulnerabilities. The first, CVE-2018-16011, is a use after free vulnerability that could lead to arbitrary code execution. CVE-2018-16018 is a security bypass vulnerability that could allow an attacker to elevate privileges. An attacker could create and deliver a specially crafted PDF file to a vulnerable target in order to exploit these vulnerabilities. Adobe hasn’t provided any additional details about these vulnerabilities, including whether or not they have been observed in attacks in the wild.
Tenable’s Security Response Team observed that both of the CVEs listed in APSB19-02 were initially included as part of APSB18-41, Adobe’s monthly security bulletin from December 2018. However, both CVEs were removed on or before December 20, according to the last revision date in the bulletin. Additionally, Adobe revised APSB19-02 to include CVE-2018-16018 in place of the previously listed CVE-2018-19725.
Urgently required actions
Adobe has released updated versions of Adobe Acrobat DC, Adobe Acrobat Reader DC, Acrobat 2017 and Acrobat Reader DC 2017 that address these vulnerabilities. End users and IT administrators are encouraged to upgrade to these patched versions as soon as possible.
Identification des systèmes affectés
Tenable’s plugins for APSB18-41 will be updated to reflect Adobe’s revised bulletin. Once updated, the following list of Nessus plugins to identify these specific vulnerabilities will appear here as they’re released.
Où trouver plus d'informations
- Security Bulletin for Adobe Acrobat and Reader | APSB19-02
- Security Bulletin for Adobe Acrobat and Reader | APSB18-41
Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface. Get a free 60-day trial of Tenable.io Vulnerability Management.
Articles connexes
Cybersecurity Snapshot: Attackers Pounce on Unpatched Vulns, DBIR Says, as Critical Infrastructure Orgs Benefit from CISA’s Alert Program
May 3, 2024Verizon’s DBIR found that hackers are having a field day exploiting vulnerabilities to gain initial access. Plus, a CISA program is helping critical infrastructure organizations prevent ransomware attacks. In addition, check out what Tenable’s got planned for RSA Conference 2024. And get the latest on the Change Healthcare breach. And much more!
CVE-2024-20353, CVE-2024-20359: Frequently Asked Questions About ArcaneDoor
April 25, 2024Frequently asked questions about CVE-2024-20353 and CVE-2024-20359, two vulnerabilities associated with “ArcaneDoor,” the espionage-related campaign targeting Cisco Adaptive Security Appliances.
Operational Technology in the DoD: Ensuring a Secure and Efficient Power Grid
April 19, 2024In an evolving threat landscape, the DoD must make sure that its mission-critical operations don’t experience power outages.
Cybersecurity Snapshot: Attackers Pounce on Unpatched Vulns, DBIR Says, as Critical Infrastructure Orgs Benefit from CISA’s Alert Program
May 3, 2024Verizon’s DBIR found that hackers are having a field day exploiting vulnerabilities to gain initial access. Plus, a CISA program is helping critical infrastructure organizations prevent ransomware attacks. In addition, check out what Tenable’s got planned for RSA Conference 2024. And get the latest on the Change Healthcare breach. And much more!
As Pro-Russia Hactivists Target OT Systems, Here’s What You Need To Know
May 2, 2024U.S. and international cybersecurity and law enforcement agencies this week issued a joint fact sheet to highlight and safeguard against the continued malicious cyber activity conducted by pro-Russia hacktivists against operational technology (OT) devices in North America and Europe. Read on to get all the details and learn what actions to take today.
Tenable Bolsters Its Cloud Security Arsenal with Malware Detection
May 1, 2024Tenable Cloud Security is enhancing its capabilities with malware detection. Combined with its cutting-edge, agentless vulnerability-scanning technology, including its ability to detect anomalous behavior, this new capability makes Tenable Cloud Security a much more complete and effective solution. Read on to find out how.
- Vulnerability Management
- Vulnerability Scanning