Adobe Releases Second Patch for CVE-2019-7089 After First One Failed

CVE-2019-7089 is a critical zero-day vulnerability in Adobe Reader that was patched this month alongside 42 other critical flaws. It is a sensitive data leak issue that can lead to information disclosure if successfully exploited. It turns out that the researcher who discovered the bug managed to bypass the first patch, and Adobe had to release a second fix.




CVE-2019-7089 Patch Was Bypassed, Adobe Releases Another One

CVE-2019-7089 was identified by security researcher Alex Inführ from Cure53. In short, it allows a specially crafted PDF document to send SMB requests to the hacker’s server when the file is opened. The flaw enables remote hackers to steal a user’s NTLM hash, which is included in the SMB request. Furthermore, the vulnerability can alert threat actors when the malicious PDF document is opened. Unfortunately, the original fix didn’t work as intended, as the researcher was able to bypass it.

As a result, Adobe had to release a new fix quickly to avoid exploitation. The fix is now available, and it has been assigned a new CVE identifier, CVE-2019-7815.
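As an added example (not from Adobe, the researcher, or the original article), the Python below triages PDF files for the behaviour described above by listing hosts referenced through UNC paths or file:// URLs, including inside Flate-compressed streams. The function name, the output size limit and both sample documents are assumptions constructed for illustration; the article does not say how the remote reference is embedded in the file.

```python
import re
import zlib

# A UNC path (\\host\share) or a file://host/ URL makes Windows open an SMB
# connection to "host". Inside PDF string literals backslashes are escaped,
# so the same path can appear as \\\\host\\share: accept 2 to 4 backslashes.
# The lookbehind skips local paths such as C:\\Users (assumed heuristic).
REMOTE_REF = re.compile(
    rb'(?<![A-Za-z0-9:\\])(?:\\{2,4}|file://(?://)?)'
    rb'([A-Za-z0-9][A-Za-z0-9.-]*)[\\/]')
STREAM = re.compile(rb'stream\r?\n(.*?)endstream', re.DOTALL)
MAX_OUT = 8 * 1024 * 1024  # cap inflated size per stream (assumed limit)


def remote_smb_refs(pdf_bytes: bytes) -> list[str]:
    """Return the sorted, lower-cased hosts a PDF references over UNC/file://."""
    bodies = [pdf_bytes]
    for m in STREAM.finditer(pdf_bytes):
        try:
            # decompressobj tolerates the end-of-line bytes before "endstream"
            bodies.append(zlib.decompressobj().decompress(m.group(1), MAX_OUT))
        except zlib.error:
            continue  # not Flate data; the raw scan above already covers it
    hosts = set()
    for body in bodies:
        for m in REMOTE_REF.finditer(body):
            hosts.add(m.group(1).decode('ascii').lower())
    return sorted(hosts)


# Constructed samples (not real documents): one hides a UNC reference in a
# compressed stream, the other only points at local files.
_payload = rb'<link href="\\fileserver.example.test\share\doc"/>'
SAMPLE_FLAGGED = (b'%PDF-1.7\n1 0 obj\n<< /Filter /FlateDecode >>\nstream\n'
                  + zlib.compress(_payload) + b'\nendstream\nendobj\n%%EOF\n')
SAMPLE_CLEAN = (b'%PDF-1.7\n1 0 obj\n<< /F (file:///C:/docs/a.pdf) '
                b'/P (C:\\\\Users\\\\a) >>\nendobj\n%%EOF\n')

if __name__ == '__main__':
    for name, doc in (('flagged', SAMPLE_FLAGGED), ('clean', SAMPLE_CLEAN)):
        print(name, remote_smb_refs(doc))
```

A hit is a reason to inspect the file, not proof of malice, and streams using filters other than Flate are only scanned in their raw form.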


CVE-2019-7089 Similar to Older CVE-2018-4993 Vulnerability

In fact, Inführ announced his findings to the public at least two weeks before Adobe released the first, problematic patch. An unofficial patch was also introduced by 0patch a day before the official patch. In addition, CVE-2019-7089 is the second vulnerability Adobe has fixed that is similar to CVE-2018-4993:

Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an NTLM SSO hash theft vulnerability. Successful exploitation could lead to information disclosure.

Fortunately, Adobe says there are no records of actual attacks in the wild based on the vulnerability. Users should update to the latest security release to mitigate the risk of attacks.

Milena Dimitrova
