16 May 2018

Zero-day in newly patched Adobe Acrobat was used in APT spotted by ESET

Zero-day in newly patched Adobe Acrobat was used in APT spotted by ESET

Yesterday Adobe patched multiple vulnerabilities in Adobe Photoshop and Adobe Acrobat, releasing two security bulletins. Information about zero-day vulnerability however appeared today only.

The vulnerability in question is a double free error CVE-2018-4990. The vulnerability exploitation was detected by ESET in March 2018.

The Adobe Acrobat bug was used along with another zero-day: privilege escalation vulnerability in Microsoft Windows CVE-2018-8120. Victims of this APT campaign are not yet disclosed.

I would advise to patch you systems ASAP, buy popcorn and wait for a fancy target to be named =) As that was a very expensive attack =)

Useful links

Our trackers:

https://www.zero-day.cz/database/498/

https://www.zero-day.cz/database/496/

ESET research https://www.welivesecurity.com/2018/05/15/tale-two-zero-days/

Back to the list

Latest Posts

Microsoft patches for June 2018

Microsoft patches for June 2018

50 vulnerabilities patched, some of them are potentially wormable.
13 June 2018
VPNFilter, attacks on routers and why external scanning is essential for security

VPNFilter, attacks on routers and why external scanning is essential for security

How to protect your router from VPNFilter and other attacks.
8 June 2018
New zero-day in Adobe Flash Player heavily exploited in the Middle East

New zero-day in Adobe Flash Player heavily exploited in the Middle East

Users in Doha and Qatar suffered from a targeted attack.
7 June 2018