
Adobe Fixes 47 Vulnerabilities in Acrobat, Reader, Photoshop

by Chris Brook on Wednesday May 16, 2018

Adobe issued its second round of patches this month on Monday, including several that address critical issues that can lead to remote code execution.

Just a week after it issued its usual raft of Patch Tuesday updates, Adobe pushed out fixes for nearly 50 vulnerabilities, including a rash of critical bugs, on Monday.

Among the patches were fixes for 24 vulnerabilities in Acrobat and Reader that could have led to arbitrary code execution. While most were use-after-free vulnerabilities, the bugs ran the gamut and also included heap overflow vulnerabilities, a type confusion, an untrusted pointer dereference, an out-of-bounds write and a double free vulnerability.

Roughly as many vulnerabilities (23), branded “important,” were also fixed in the family of application software and web services.

Researchers from a variety of firms, including Check Point Software Technologies, Kaspersky Lab, ESET, and Microsoft, discovered the vulnerabilities. While none of the issues were brought to light at Pwn2Own, an annual hacking competition held in Vancouver, the bulk of the bugs were unearthed via the sponsor of the event, Trend Micro's Zero Day Initiative, a group that works with vendors to responsibly disclose vulnerabilities.

In addition to a deluge of Acrobat and Reader patches, Adobe also fixed a critical out-of-bounds write vulnerability in Photoshop CC on Monday. Until it was fixed, the issue, uncovered by Giwan Go, a senior researcher for Stealien, a South Korean offensive security firm, allowed remote code execution.

The update brings version 19.1.3 of Photoshop CC 2018 to version 19.1.4 and versions 18.1.2 and 18.1.3 to version 18.1.4.

The updates come only a week after Adobe's regularly scheduled Patch Tuesday update, a scant update that patched only five vulnerabilities across Flash, Connect, and Adobe's Creative Cloud Desktop Application.

The issue in Flash, similar to this week's issues in Acrobat and Reader, could have led to remote code execution. The remaining issues in Creative Cloud and Connect could have led to privilege escalation, a security bypass, or the disclosure of sensitive information.

Tags:  Vulnerabilities
