Adobe clears few critical bugs in the Acrobat reader

A recent security update released by Adobe fixes two critical vulnerabilities that were previously identified in Adobe Acrobat and Reader software.

These bugs were thought to be critical, as they can lead to privilege escalation and arbitrary code execution in the context of the current user.

Adobe disclosed the security flaws in a security bulletin last Thursday.

The first vulnerability, CVE-2018-16011, is a use-after-free problem which can lead to arbitrary code execution if exploited -- which, in turn, could permit the execution of malware payloads, account hijacking, and more.

The second security flaw, CVE-2018-19725, is a security bypass issue that lets attackers escalate their privilege levels, potentially enabling attacks and system tampering beyond the usual confines of a user account.

Adobe Acrobat DC and Acrobat Reader DC 2019.010.20064 and earlier, Acrobat 2017 and Acrobat Reader 2017 versions 2017.011.30110 and earlier, as well as Acrobat DC and Acrobat Reader DC versions 2015.006.30461 and earlier, are affected on Windows and macOS machines.

In order to stay protected against exploits involving these vulnerabilities, users should accept incoming security updates and upgrade to Acrobat DC and Acrobat Reader DC version 2019.010.20069, Acrobat 2017 and Acrobat Reader DC 2017 version 2017.011.30113, and Acrobat DC & Acrobat Reader DC version 2015.006.30464.

Adobe thanked researchers Sebastian Apelt and Abdul Aziz Hariri for reporting the vulnerabilities via Trend Micro's Zero Day Initiative.