16 May 2018

Zero-day in newly patched Adobe Acrobat was used in APT spotted by ESET

Zero-day in newly patched Adobe Acrobat was used in APT spotted by ESET

Yesterday Adobe patched multiple vulnerabilities in Adobe Photoshop and Adobe Acrobat, releasing two security bulletins. Information about zero-day vulnerability however appeared today only.

The vulnerability in question is a double free error CVE-2018-4990. The vulnerability exploitation was detected by ESET in March 2018.

The Adobe Acrobat bug was used along with another zero-day: privilege escalation vulnerability in Microsoft Windows CVE-2018-8120. Victims of this APT campaign are not yet disclosed.

I would advise to patch you systems ASAP, buy popcorn and wait for a fancy target to be named =) As that was a very expensive attack =)

Useful links

Our trackers:

https://www.zero-day.cz/database/498/

https://www.zero-day.cz/database/496/

ESET research https://www.welivesecurity.com/2018/05/15/tale-two-zero-days/

Back to the list

Latest Posts

Zero-day in newly patched Adobe Acrobat was used in APT spotted by ESET

Zero-day in newly patched Adobe Acrobat was used in APT spotted by ESET

Adobe fixed zero-day in Acrobat DC.
16 May 2018
Microsoft patched 2 zero-days, critical RCE in Exchange. 68 vulnerabilities in total

Microsoft patched 2 zero-days, critical RCE in Exchange. 68 vulnerabilities in total

Overview and statistics for Microsoft Patch Tuesday in May 2018.
9 May 2018
Our SaaS Vulnerability Scanner is recognized with IT Security Software Awards by FinancesOnline Directory

Our SaaS Vulnerability Scanner is recognized with IT Security Software Awards by FinancesOnline Directory

We are recognized and awarded by FinancesOnline.
25 April 2018
Featured vulnerabilities
Information disclosure in Apache Solr
Low Patched | 24 May, 2018
Privilege escalation in GNU Glibc
Low Patched | 24 May, 2018
Multiple vulnerabilities in IBM MQ
Low Patched | 24 May, 2018
Multiple vulnerabilities in D-Link DIR-620 routers
High Not Patched | 24 May, 2018
Privilege escalation in IBM DB2
Low Patched | 24 May, 2018