Zero-day in newly patched Adobe Acrobat was used in APT spotted by ESET
Yesterday Adobe patched multiple vulnerabilities in Adobe Photoshop and Adobe Acrobat, releasing two security bulletins. Information about zero-day vulnerability however appeared today only.
The vulnerability in question is a double free error CVE-2018-4990. The vulnerability exploitation was detected by ESET in March 2018.
The Adobe Acrobat bug was used along with another zero-day: privilege escalation vulnerability in Microsoft Windows CVE-2018-8120. Victims of this APT campaign are not yet disclosed.
I would advise to patch you systems ASAP, buy popcorn and wait for a fancy target to be named =) As that was a very expensive attack =)
Useful links
Our trackers:
https://www.zero-day.cz/database/498/
https://www.zero-day.cz/database/496/
ESET research https://www.welivesecurity.com/2018/05/15/tale-two-zero-days/
Latest Posts
US charges Samourai cryptomixer founders for laundering $100 million
The cryptocurrency mixer facilitated over $2 billion in illegal transactions.
ArcaneDoor state-sponsored malware campaign strikes Cisco networking gear
The attackers exploited two zero-day vulnerabilities in Cisco networking equipment.
Iranian hackers exploit RMM tools to deliver malware
One of the aspects of MuddyWater's strategy involves exploiting Atera's free trial offers.