16 May 2018

Zero-day in newly patched Adobe Acrobat was used in APT spotted by ESET

Zero-day in newly patched Adobe Acrobat was used in APT spotted by ESET

Yesterday Adobe patched multiple vulnerabilities in Adobe Photoshop and Adobe Acrobat, releasing two security bulletins. Information about zero-day vulnerability however appeared today only.

The vulnerability in question is a double free error CVE-2018-4990. The vulnerability exploitation was detected by ESET in March 2018.

The Adobe Acrobat bug was used along with another zero-day: privilege escalation vulnerability in Microsoft Windows CVE-2018-8120. Victims of this APT campaign are not yet disclosed.

I would advise to patch you systems ASAP, buy popcorn and wait for a fancy target to be named =) As that was a very expensive attack =)

Useful links

Our trackers:

https://www.zero-day.cz/database/498/

https://www.zero-day.cz/database/496/

ESET research https://www.welivesecurity.com/2018/05/15/tale-two-zero-days/

Back to the list

Latest Posts

Patch Tuesday in December 2018: 1 zero-day and more than 100 bugs fixed by Microsoft and Adobe

Patch Tuesday in December 2018: 1 zero-day and more than 100 bugs fixed by Microsoft and Adobe

Vulnerability statistics for Patch Tuesday in December 2018.
12 December 2018
Patch Tuesday: 60 vulnerabilities, 2 zero-days and good old LNK bugs

Patch Tuesday: 60 vulnerabilities, 2 zero-days and good old LNK bugs

Today Microsoft has released security fixes for 60 vulnerabilities in total. Among them 2 zero-days in Windows Shell and Internet Explorer.
15 August 2018
Microsoft patches for June 2018

Microsoft patches for June 2018

50 vulnerabilities patched, some of them are potentially wormable.
13 June 2018
Featured vulnerabilities
SSRF in Moodle
Medium Not Patched | 23 Mar, 2019
Multiple vulnerabilities in SQLite
Medium Patched | 22 Mar, 2019
NULL pointer dereference in GNU Tar
Low Patched | 22 Mar, 2019