What is the Issue:

This week, Adobe has identified 47 vulnerabilities, 24 of which were found to be critical and are at high risk of exploitation. The vulnerabilities found in Adobe software such as Acrobat & Reader, as well as Photoshop Creative Cloud, were assigned a severity rating of priority 1 due to the high risk associated with a successful exploit. [1][2]

 

Why is this noteworthy:

The vulnerabilities fall into several categories: Double Free, Heap Overflow, Use-after-free, Out-of-bounds read, Type Confusion, Untrusted pointer dereference, Memory Corruption, NTLM SSO hash theft, and HTTP POST new. These attack categories can cause arbitrary code execution, information disclosure, and/or a security bypass. [4]

Both Adobe Acrobat & Reader, and Photoshop CC have vulnerabilities that can allow an attacker to embed JavaScript in order to execute arbitrary code on a victim’s device. [3] This can be done on the local system or while visiting a website to view a PDF file.

Acrobat Document Cloud and Acrobat Reader Document Cloud are both subject to a vulnerability involving Microsoft’s NT LAN Manager (NTLM) authentication mechanism. As mentioned earlier, this is considered an NTLM SSO hash theft, which allows attackers to redirect users to a third-party system for authentication rather than the internal organization’s.
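
One way to watch for the redirected authentication described above, as an added example that is not part of the original advisory or Adobe's guidance: flag Acrobat or Reader processes that open authentication-capable connections to addresses outside the organization. The log format, the internal address ranges, and the assumption that the NTLM exchange leaves the host over TCP 139/445 are assumptions made for this example.

```python
import csv
import ipaddress

# Assumption: the organization's internal address space; adjust to match yours.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: NTLM authentication leaves the host over SMB/NetBIOS session ports.
AUTH_PORTS = {139, 445}
# Acrobat / Reader process image names on Windows (compared case-insensitively).
PDF_PROCESSES = {"acrord32.exe", "acrobat.exe"}

# Constructed sample connection log: time, host, process, dest IP, dest port.
SAMPLE_LOG = """\
2018-05-15T09:01:12Z,WS-014,AcroRd32.exe,10.20.3.7,445
2018-05-15T09:02:40Z,WS-014,AcroRd32.exe,203.0.113.50,445
2018-05-15T09:03:05Z,WS-022,chrome.exe,198.51.100.9,443
2018-05-15T09:04:18Z,WS-031,Acrobat.exe,198.51.100.77,139
2018-05-15T09:05:00Z,WS-031,Acrobat.exe,not-an-ip,445
2018-05-15T09:06:30Z,WS-040,explorer.exe,203.0.113.50,445
"""

def is_internal(ip):
    """True when the address falls inside one of the internal networks."""
    return any(ip in net for net in INTERNAL_NETS)

def flag_external_auth(log_text):
    """Return (alerts, skipped): PDF-reader connections to auth ports on
    external addresses, plus rows that could not be parsed."""
    alerts, skipped = [], []
    for row in csv.reader(log_text.splitlines()):
        if len(row) != 5:
            skipped.append(row)
            continue
        ts, host, proc, dst, port = (field.strip() for field in row)
        try:
            ip, port = ipaddress.ip_address(dst), int(port)
        except ValueError:
            skipped.append(row)  # keep malformed rows for review, do not drop silently
            continue
        if (proc.lower() in PDF_PROCESSES and port in AUTH_PORTS
                and not is_internal(ip)):
            alerts.append({"time": ts, "host": host, "process": proc,
                           "dest": str(ip), "port": port})
    return alerts, skipped

if __name__ == "__main__":
    alerts, skipped = flag_external_auth(SAMPLE_LOG)
    for alert in alerts:
        print("ALERT", alert)
    print("unparsed rows:", len(skipped))
```

A PDF reader has little reason to start an SMB session with an internet host, so any alert here is worth triaging, and blocking outbound TCP 139/445 at the perimeter removes the path altogether.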

 

What is the exposure or risk:

There are at least 200 billion PDFs opened every year in Acrobat and Acrobat Reader. [5] Therefore, although there have not been any “detected” exploits in the wild, exposure to these vulnerabilities can compromise the device(s) in question, which can lead to unwanted information disclosure.

 

What are the recommendations:

The SkOUT recommends that customers update their software to the latest Adobe versions.

 

Additionally, you may want to use the FeatureLockdown preferences to control how users interact with PDFs. Follow the link below, provided by Adobe, and apply the instructions that match your preferences:

https://www.adobe.com/devnet-docs/acrobatetk/tools/PrefRef/Windows/FeatureLockdown.html#PDFlinkblocking

If you are an administrator and have a managed environment, you may want to download the enterprise installer to update your systems:

ftp://ftp.adobe.com/pub/adobe/

References:

[1] https://www.zdnet.com/article/adobe-sends-out-second-wave-of-security-updates-for-critical-vulnerabilities/

[2] https://helpx.adobe.com/security/severity-ratings.html

[3] https://threatpost.com/adobe-doles-out-second-round-of-higher-priority-patches/131967/

[4] https://helpx.adobe.com/security/products/acrobat/apsb18-09.html

[5] https://www.adobe.com/uk/about-adobe/fast-facts.html

 

If you have any questions, please contact our Security Operations Center. Thank you.



Posted by Doris Au

Doris is a product marketing manager at Barracuda MSP. In this position, she is responsible for connecting managed service providers with multi-layered security and data protection products that can protect their customers from today’s advanced cyber threats.
