Security Alert: Surprise Adobe Patch Eliminates Critical Flaw in Acrobat and Reader
More vulnerabilities could lead to arbitrary code execution or data leaks
Adobe has a Patch Tuesday event dedicated especially to updating their apps and eliminating vulnerabilities but this time the company had to issue another critical update, outside of the usual event.
Vulnerability CVE-2018-12848 is the most critical on the list of the seven Adobe software vulnerabilities found in the following list and earlier versions:
- Acrobat DC (Continuous)
- Acrobat Reader DC (Continuous)
- Acrobat 2017 (Classic 2017)
- Acrobat Reader 2017 (Classic 2017)
- Acrobat DC (Classic 2015)
- Acrobat Reader DC (Classic 2015)
If you use any software from this list, update to version 2018.011.20063 as soon as possible, as the vulnerabilities could lead to arbitrary code execution.
Fortunately, no current exploits for these vulnerabilities have been deployed yet, so updating swiftly will be sufficient for now
To ensure your PC and valuable data is safe from the exploits targeting software vulnerabilities, follow these steps:
- Always apply the latest update, especially this patch designed to eliminate the CVE-2018-12848 vulnerability.
- Don’t rely on Antivirus alone, as its reactive nature makes it unequipped to deal with the latest threat – use proactive security software that can intercept threats before they reach your PC.
- To stay on top of so many updates released daily, use a software that applies patches automatically and securely, without interrupting you with notifications.
All users who have Thor Foresight or Thor Free have already received this critical patch, so there is no need to take further action.
For more details on why Adobe products receive so many security-critical updates, we have an overview of the situation here.
*This article features cyber intelligence provided by CSIS Security Group researchers.