16 May 2018

Zero-day in newly patched Adobe Acrobat was used in APT spotted by ESET

Zero-day in newly patched Adobe Acrobat was used in APT spotted by ESET

Yesterday Adobe patched multiple vulnerabilities in Adobe Photoshop and Adobe Acrobat, releasing two security bulletins. Information about zero-day vulnerability however appeared today only.

The vulnerability in question is a double free error CVE-2018-4990. The vulnerability exploitation was detected by ESET in March 2018.

The Adobe Acrobat bug was used along with another zero-day: privilege escalation vulnerability in Microsoft Windows CVE-2018-8120. Victims of this APT campaign are not yet disclosed.

I would advise to patch you systems ASAP, buy popcorn and wait for a fancy target to be named =) As that was a very expensive attack =)

Useful links

Our trackers:

https://www.zero-day.cz/database/498/

https://www.zero-day.cz/database/496/

ESET research https://www.welivesecurity.com/2018/05/15/tale-two-zero-days/

Back to the list

Latest Posts

Patch Tuesday: 60 vulnerabilities, 2 zero-days and good old LNK bugs

Patch Tuesday: 60 vulnerabilities, 2 zero-days and good old LNK bugs

Today Microsoft has released security fixes for 60 vulnerabilities in total. Among them 2 zero-days in Windows Shell and Internet Explorer.
15 August 2018
Microsoft patches for June 2018

Microsoft patches for June 2018

50 vulnerabilities patched, some of them are potentially wormable.
13 June 2018
VPNFilter, attacks on routers and why external scanning is essential for security

VPNFilter, attacks on routers and why external scanning is essential for security

How to protect your router from VPNFilter and other attacks.
8 June 2018
Featured vulnerabilities
Denial of service in Asterisk
Medium Patched | 24 Sep, 2018
Multiple vulnerabilities in MediaWiki
Low Patched | 21 Sep, 2018
Remote code execution in Microsoft Jet Database
High Not Patched | 21 Sep, 2018
Remote code execution in Mozilla Firefox
Medium Patched | 21 Sep, 2018
Multiple vulnerabiltiies in Mozilla Firefox ESR
Medium Patched | 21 Sep, 2018