Welcome back! Update your software
Adobe has issued an emergency security update for two vulnerabilities in Acrobat and Reader that could allow an attacker to access an individual’s device remotely and infect a system with malware.
In a security bulletin published yesterday, the software firm gave few details about the new bugs, but labelled them as critical since “successful exploitation could lead to arbitrary code execution in the context of the current user”.
The first vulnerability, CVE-2018-16011, is a use-after-free flaw that could be leveraged for arbitrary code execution, permitting an attacker’s entry onto a device in order to do any number of things such as inject malicious script.
CVE-2018-16018, the second and equally critical vulnerability, is a security bypass flaw for privilege escalation.
Both bugs were discovered through Trend Micro’s Zero Day Initiative by security researchers Sebastian Apelt and Abdul Aziz Hariri.
Those using Adobe Acrobat and Reader for Windows and macOS should update their software to the latest versions immediately.
The patches come ahead of Adobe’s scheduled security update, which is still expected to be released next Tuesday, January 8.