Adobe Acrobat and Reader threat advisory

Cybersecurity Threat Advisory: Recent Security Updates for Adobe Acrobat and Reader

THREAT UPDATE

Critical security updates for many Adobe products have recently been released for both Mac OS and Windows. These updates are extremely important, as the vulnerabilities they fix could lead to machine and network compromise. The most popular Adobe products, Acrobat and Reader, have particularly critical vulnerabilities. We recommend applying the updates for every Adobe product, which were published on June 8, 2021. We also recommend reviewing the references section below for more in-depth detail about the vulnerabilities.

TECHNICAL DETAIL & ADDITIONAL INFORMATION

WHAT IS THE THREAT?

Two critical vulnerabilities were patched by Adobe in its most recent update for Adobe Acrobat and Adobe Reader. These updates prevent malicious actors from taking advantage of vulnerabilities that could lead to arbitrary code execution in the context of the current user. Attackers could exploit an out-of-bounds read, in which the program reads in more input than it was designed to handle, and could then supply malicious commands for it to execute. Threat actors could also try to exploit a use-after-free vulnerability, in which a program references memory after it has been freed, causing it to execute code.
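The two bug classes named above, shown as an added C example that is not from the original advisory or from Adobe's code: each unsafe pattern sits beside a hardened form. The record format, `doc_t` and all function names are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed record format (assumption): byte 0 = payload length. */

/* Unsafe: trusts the declared length, so a record that claims more
 * payload than it carries makes memcpy read past the end of rec. */
int copy_payload_unsafe(const uint8_t *rec, uint8_t *out) {
    memcpy(out, rec + 1, rec[0]);               /* out-of-bounds read */
    return rec[0];
}

/* Hardened: the declared length must fit both the bytes actually
 * received and the destination buffer. Returns -1 on rejection. */
int copy_payload_checked(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_len) {
    if (rec == NULL || out == NULL || rec_len < 1) return -1;
    size_t n = rec[0];
    if (n > rec_len - 1 || n > out_len) return -1;
    memcpy(out, rec + 1, n);
    return (int)n;
}

typedef struct { int page_count; } doc_t;       /* hypothetical object */

/* Release through the owner's pointer and clear it, so a later use
 * sees NULL instead of a dangling pointer to freed memory. */
void doc_release(doc_t **d) {
    if (d != NULL && *d != NULL) { free(*d); *d = NULL; }
}

/* Every use checks the handle: a released document yields -1 rather
 * than a use-after-free read. */
int doc_pages(doc_t *const *d) {
    return (d != NULL && *d != NULL) ? (*d)->page_count : -1;
}

/* Constructed input: a record claiming 200 bytes but carrying 2.
 * Returns 1 when both hardened paths reject the bad cases. */
int demo(void) {
    const uint8_t lying[] = { 200, 'A', 'B' };
    uint8_t out[16];
    doc_t *d = malloc(sizeof *d);
    if (d == NULL) return 0;
    d->page_count = 3;
    doc_release(&d);
    return copy_payload_checked(lying, sizeof lying, out, sizeof out) == -1
        && doc_pages(&d) == -1;
}
```

Clearing the pointer on release protects only that one reference; any other copy of the pointer still dangles, which is why large code bases pair this with ownership rules or allocator hardening.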

WHY IS IT NOTEWORTHY?

This is especially noteworthy due to the severity of the vulnerabilities and the popularity of the software. Considering the widespread use of Adobe Acrobat and Adobe Reader, attackers could easily exploit these vulnerabilities to gain escalated privileges within a network. The vulnerabilities themselves are very dangerous and show that even popular software with whole development teams can have critical vulnerabilities.

WHAT IS THE EXPOSURE OR RISK?

Once the vulnerabilities are exploited, attackers may have privileges to execute code within your environment under the context of the user running the program. For example, if an administrative user were running unpatched versions of Adobe Acrobat or Reader, a threat actor would have administrative rights on the machine if this vulnerability were exploited. From there, they could further penetrate the network by establishing persistence to gather information. Once the attackers in this scenario were satisfied with their ability to regain access, they could later deploy ransomware to encrypt data and machines on the network.

WHAT ARE THE RECOMMENDATIONS?

  • Apply the recent Adobe Acrobat and Adobe Reader patches ASAP.
  • Review your AD infrastructure to ensure there are no strange accounts or accounts that should already be disabled.
  • Maintain a proper patching policy for all machines.
  • Review network connections on the firewall or other network appliances to confirm that there are no malicious connections to your network.
  • Explore the documentation below to identify other Adobe products that require updates.

REFERENCES

For more in-depth information about the recommendations, please visit the following links:

 
