Adobe fixes two critical vulnerabilities in Acrobat and Reader
Under normal circumstances, Adobe also releases security updates on Tuesday of the second week of each month, but if there are special circumstances, it will be released in advance.
For example, Adobe released the security bulletin APSB19-02 today, mainly because Adobe Acrobat and Reader software have serious security vulnerabilities.
Adobe said the two vulnerabilities allow an attacker to escalate permissions and execute arbitrary code, such as silently downloading and installing malware or backdoors.
- CVE-2018-16011: Use After Free, an attacker could use this vulnerability to execute arbitrary code, such as executing a command to install malware without the user’s knowledge.
- CVE-2018-19725: Security Bypass, an attacker could use this vulnerability to increase privileges to execute higher-level commands, such as executing commands with administrator privileges.
Please update your Acrobat and Reader to the latest version.