Network Security, Patch/Configuration Management, Vulnerability Management

Adobe tackles two critical bugs in Acrobat and Reader update

Bradley BarthJanuary 3, 2019

Adobe Systems today released an unscheduled security update for Acrobat and Reader for both the Windows and MacOS operating systems, fixing two critical vulnerabilities in the process.

The San Jose, Calif.-based software company identified the issues as a use-after-free bug that can result in arbitrary code execution (CVE-2018-16011) and a security bypass flaw that can lead to privilege escalation (CVE-2018-19725). The classic 2015, classic 2017 and continuous track versions are all affected, and each has been patched.

Sebastian Apelt and Abdul Aziz Hariri of Trend Micro's Zero Day Initiative are credited with spotting CVE-2018-16011 and CVE-2018-19725, respectively.

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Network Security

Pro-Russian DDoS attacks impact Canada

SC StaffSeptember 19, 2023

Canada had its various government agencies and financial and transportation industries subjected to distributed denial-of-service attacks by pro-Russian cybercrime operation NoName057(16), according to SecurityWeek.

Network Security

Experts fret over fate of CISA cyber programs as shutdown clouds loom

Derek B. JohnsonSeptember 19, 2023

A hearing ostensibly focused on CISA's CDM and EINSTEIN cybersecurity programs took a detour as witnesses strongly warned Congress that a shutdown could imperil federal cybersecurity efforts.

Uncategorized

Square outage attributed to DNS error

SC StaffSeptember 12, 2023

TechCrunch reports that major payments technology platform Square disclosed that a daylong outage it suffered late last week was prompted by a DNS error and not by a cyberattack. "While making several standard changes to our internal network software, the combination of updates prevented our systems from properly communicating with each other, and ultimately caused the disruption."

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Adobe tackles two critical bugs in Acrobat and Reader update

Related

Pro-Russian DDoS attacks impact Canada

Experts fret over fate of CISA cyber programs as shutdown clouds loom

Square outage attributed to DNS error

Related Events

The Latest Cybercriminal TTPs: How Public-Sector Defenders Can Stay Ahead

Playing network traffic cop in multi-cloud environments: A guide to detecting & restricting lateral movement

Consolidating without compromise: An XDR democast for analysts of all tenure

Get daily email updates