
Digital Guardian's Blog

Adobe Fixes 47 Vulnerabilities in Acrobat, Reader, Photoshop

by Chris Brook on Wednesday May 16, 2018


Adobe issued its second round of patches this month on Monday, including several that address critical issues that can lead to remote code execution.

Just a week after it issued its usual raft of Patch Tuesday updates, Adobe pushed out fixes for nearly 50 vulnerabilities, including a rash of critical bugs, on Monday.

Among the patches were fixes for 24 vulnerabilities in Acrobat and Reader that could have led to arbitrary code execution. While most were use-after-free vulnerabilities, the bugs ran the gamut and also included heap overflow vulnerabilities, a type confusion, an untrusted pointer dereference, an out-of-bounds write and a double free vulnerability.

Roughly as many vulnerabilities (23) branded “important” in the family of application software and web services were also fixed.

Researchers from a variety of firms, including Check Point Software Technologies, Kaspersky Lab, ESET, and Microsoft, discovered the vulnerabilities. While none of the issues were brought to light at Pwn2Own, an annual hacking competition held in Vancouver, the bulk of the bugs were unearthed via the sponsor of the event, Trend Micro's Zero Day Initiative, a group that works with vendors to responsibly disclose vulnerabilities.


In addition to a deluge of Acrobat and Reader patches, Adobe also fixed a critical out-of-bounds write vulnerability in Photoshop CC on Monday. Until it was fixed, the issue, uncovered by Giwan Go, a senior researcher for Stealien, a South Korean offensive security firm, allowed remote code execution.

The update brings version 19.1.3 of Photoshop CC 2018 to version 19.1.4 and versions 18.1.2 and 18.1.3 to version 18.1.4.

The updates come only a week after Adobe's regularly scheduled Patch Tuesday update, a scant update that patched only five vulnerabilities across Flash, Connect, and Adobe's Creative Cloud Desktop Application.

The issue in Flash, similar to this week's issues in Acrobat and Reader, could have led to remote code execution. The remaining issues in Creative Cloud and Connect could have led to privilege escalation, a security bypass, or the disclosure of sensitive information.


Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.