430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Adobe issued a critical out-of-band patch to address CVE-2018-12848 Acrobat flaw

Adobe releases a critical out-of-band patch for CVE-2018-12848 Acrobat flaw, the security updates address a total of 7 vulnerabilities. Adobe address seven vulnerability in Acrobat DC and Acrobat Reader DC, including one critical vulnerability that could be exploited by attackers to execute arbitrary code. “Adobe has released security updates for Adobe Acrobat and Reader for Windows […]

Adobe Reader

Adobe releases a critical out-of-band patch for CVE-2018-12848 Acrobat flaw, the security updates address a total of 7 vulnerabilities.

Adobe address seven vulnerability in Acrobat DC and Acrobat Reader DC, including one critical vulnerability that could be exploited by attackers to execute arbitrary code.

“Adobe has released security updates for Adobe Acrobat and Reader for Windows and MacOS. These updates address critical and important vulnerabilities.  Successful exploitation could lead to arbitrary code execution in the context of the current user.” reads the security advisory.

The flaws affect Acrobat DC and Acrobat Reader DC for Windows and macOS (versions 2018.011.20058 and earlier; Acrobat 2017 and Acrobat Reader 2017 for Windows and macOS (versions 2017.011.30099 and earlier), and Acrobat DC and Acrobat Reader DC for Windows and macOS (2015.006.30448 and earlier).

The security patches have been released just one week after Adobe released its Patch Tuesday updates for September 2018 that addressed 10 vulnerabilities in Flash Player and ColdFusion.

The most severe flaw, tracked as CVE-2018-12848,  is a critical out-of-bounds write issue that could allow arbitrary code execution.

The flaw was reported by Omri Herscovici, research team leader at Check Point Software Technologies, the expert also found other 3 vulnerabilities.

CVE-2018-12848 Adobe Acrobat Reader flaw

The remaining flaws are out-of-bounds read vulnerabilities (CVE-2018-12849, CVE-2018-12850, CVE-2018-12801, CVE-2018-12840, CVE-2018-12778, CVE-2018-12775) that are rated as “important” and could lead to information disclosure.

The CVE-2018-12778 and CVE- 2018-12775 vulnerabilities were anonymously reported via Trend Micro’s Zero Day Initiative, while the CVE-2018-12801 issue was discovered by experts at Cybellum Technologies LTD.

The good news is that Adobe is not aware of any malicious exploitation of the flaw in attacks.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Adobe, CVE-2018-12848)

[adrotate banner=”5″]

[adrotate banner=”13″]