16 May 2018

Zero-day in newly patched Adobe Acrobat was used in APT spotted by ESET

Zero-day in newly patched Adobe Acrobat was used in APT spotted by ESET

Yesterday Adobe patched multiple vulnerabilities in Adobe Photoshop and Adobe Acrobat, releasing two security bulletins. Information about zero-day vulnerability however appeared today only.

The vulnerability in question is a double free error CVE-2018-4990. The vulnerability exploitation was detected by ESET in March 2018.

The Adobe Acrobat bug was used along with another zero-day: privilege escalation vulnerability in Microsoft Windows CVE-2018-8120. Victims of this APT campaign are not yet disclosed.

I would advise to patch you systems ASAP, buy popcorn and wait for a fancy target to be named =) As that was a very expensive attack =)

Useful links

Our trackers:

https://www.zero-day.cz/database/498/

https://www.zero-day.cz/database/496/

ESET research https://www.welivesecurity.com/2018/05/15/tale-two-zero-days/

Back to the list

Latest Posts

Chinese hackers hit 10 major global telcos in a large-scale cyber espionage campaign

Chinese hackers hit 10 major global telcos in a large-scale cyber espionage campaign

Chinese APT10 adversary retrieved call records from hacked cell network providers to conduct targeted surveillance.
25 June 2019
New crypto-currency mining botnet targets Android devices via open ADB

New crypto-currency mining botnet targets Android devices via open ADB

The botnet malware has spread to 21 countries with the highest rates of infection observed in South Korea.
24 June 2019
Attackers hack MSPs to distribute Sodinokibi ransomware

Attackers hack MSPs to distribute Sodinokibi ransomware

The hackers somehow have managed to gain access to two remote management tools used by the MSPs.
21 June 2019