Casa > cibernético Notícias > APSB18-29: Adobe lança agosto 2018 Atualizações de segurança

APSB18-29: Adobe lança agosto 2018 Atualizações de segurança

Adobe released the August 2018 Atualizações de segurança (APSB18-29)which addresses key vulnerabilities in the Acrobat e Leitor formulários. The released collection of updates are available both to Windows and Mac OS X users. All users running these products are advised to update their installations as soon as possible.

APSB18-29: agosto 2018 Security Updates Released by Adobe: Acrobat and Reader Vulnerabilities Fixed

Adobe issued their latest bulletin of patches addressing issues found in two of their main products — Acrobat and Reader. They are part of the August 2018 Security Updates bundle and include patches for a total of 11 bugs in these two programs. Most of them are related to a possibility to deploy a remote code execution attack. The accompanying release notes do not give details about the issues — whether or not they have been reported in private or if there have been reported incidents that make use of the vulnerabilities.

Story relacionado: CVE-2018-3110: Divulgação de vulnerabilidade crítica no banco de dados Oracle

Two specific issues have been reported which are assigned a “crítico” severity and are tracked with the following advisories:

  • CVE-2018-12808 — Out-of-bounds write Bug Resulting in Arbitrary Code Execution.
  • CVE-2018-12799 — An untrusted pointer dereference issue that can result in arbitrary code execution.

By exploiting the two applications malicious users can overcome the protective features thereby allowing arbitrary code execution. This means that the attackers can use a variety of different approaches in order to induce this behaviour. A common way would be to spread infected scripts that lead to the execution of the malicious behaviour.

There are several different channels that the criminals can utilize:

  • Phishing mensagens de email — Hackers can design email message that include elements from well-known companies imitating legitimate notifications, reminders and other often delivered emails. The associated malicious files/scripts can be either directly attached or linked in the body contents.
  • Sites de download maliciosos — The criminals can construct sites that are created in a similar way by imitating often used download portals and vendor sites.
  • Redes de compartilhamento de arquivos — The malicious documents or other payload carriers can be distributed on peer to peer programs and other file sharing networks like BitTorrent where pirate content is usually spread.

The security research shows that failed exploitation of the vulnerabilities will result in a Denial-of-service (DOS) condição. As always we recommend that users update to the newest version as soon as possible.


Martin Beltov

Martin formou-se na publicação da Universidade de Sofia. Como a segurança cibernética entusiasta ele gosta de escrever sobre as ameaças mais recentes e mecanismos de invasão.

mais Posts

Me siga:

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

Compartilhar no Facebook Compartilhar
Compartilhar no Twitter chilrear
Compartilhar no Google Plus Compartilhar
Partilhar no Linkedin Compartilhar
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Partilhar no StumbleUpon Compartilhar