Thread Rating:
  • 2 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Adobe Re-Patches Critical Acrobat Reader Flaw
#1
Quote:A week after Adobe fixed a critical zero-day vulnerability in its Acrobat Reader, the company issued another patch after a researcher dug up a way to bypass the original fix.

This previous vulnerability (CVE-2019-7089) was fixed in Adobe’s regularly scheduled security update last week. But Adobe said that its recent patch for the sensitive data leakage vulnerability, which could enable information disclosure, had a hole.

“Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS,” said Adobe in its unscheduled Thursday update. “These updates address a reported bypass to the fix for

CVE-2019-7089 first introduced in 2019.010.20091, 2017.011.30120 and 2015.006.30475 and released on February 12, 2019.”
The zero-day vulnerability in Adobe Reader, disclosed by Alex Infuhr from cure53 in a Jan. 26 post, enabled bad actors to steal victims’ hashed password values, known as “NTLM hashes.”

The vulnerability allowed a PDF document to automatically send a server message block (SMB) request to an attacker’s server as soon as the document is opened.  SMB protocols enable an application or user of an application to access files on a remote server. Embedded in these SMB requests are NTLM hashes (NTLM is short for NT LAN Manager).

SOURCE: https://threatpost.com/adobe-re-patches-...aw/142098/
[-] The following 3 users say Thank You to silversurfer for this post:
  • darktwilight, Deep900, harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AWZ Screen Recorder
AWZ Screen Recorder ...zevish — 11:05
Website X5 Go 2024.1
Website X5 Go 2024.1...zevish — 09:32
Apple's rules to allow third-party app ...
Apple has announ...alison30 — 09:28
Intel: Microsoft AI PCs need a Copilot K...
Microsoft hopes th...harlan4096 — 08:55
Synchredible 8 Professional Edition v8.2...
          Synchredib...zevish — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>