Critical security updates for many Adobe products have recently been released for both Mac OS and Windows. These updates are extremely important, as the vulnerabilities they fix could lead to machine and network compromise. The most popular Adobe products, Acrobat and Reader, have particularly critical vulnerabilities. rocketwise recommends applying the updates for every Adobe product, which were published on June 8, 2021. We also recommend reviewing the references section below for more in-depth detail about the vulnerabilities.
Two critical vulnerabilities were patched by Adobe in their most recent update to Adobe Acrobat and Adobe Reader. These updates prevent malicious actors from taking advantage of a vulnerability that could lead to arbitrary code execution in the context of the current user. Attackers could exploit an out-of-bounds read buffer overflow, where the program reads more input than it was designed to handle, and then supply malicious commands for it to execute. Threat actors could also try to exploit a "use after free" vulnerability, where a program references memory after it has been freed, which can cause it to execute attacker-controlled code.
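To make the two bug classes above concrete, here is an added example in C (constructed for this advisory, not Adobe code; the record format and function names are hypothetical). It shows a tiny parser written the defensive way: the length field in untrusted input is checked against the real buffer size before any read, and a released handle is nulled so a later access fails a check instead of touching freed memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Constructed record format: 4-byte little-endian length, then name bytes. */
#define MAX_NAME 16

struct record {
    char name[MAX_NAME];
    uint32_t len;
};

/* Out-of-bounds read, guarded: the declared length is validated against
 * both the field size and the bytes actually present before memcpy.
 * A vulnerable parser would trust len and read past the end of buf.
 * Returns 0 on success, -1 if the input is truncated or the field too long. */
int parse_record(const uint8_t *buf, size_t buflen, struct record *out)
{
    if (buf == NULL || out == NULL || buflen < 4)
        return -1;
    uint32_t len = (uint32_t)buf[0] | ((uint32_t)buf[1] << 8) |
                   ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 24);
    if (len >= MAX_NAME || len > buflen - 4)
        return -1;
    memcpy(out->name, buf + 4, len);
    out->name[len] = '\0';
    out->len = len;
    return 0;
}

/* Use-after-free, guarded: release takes the address of the owning pointer
 * and nulls it, so code that still holds the handle sees NULL, not freed memory. */
void record_release(struct record **pp)
{
    if (pp != NULL && *pp != NULL) {
        free(*pp);
        *pp = NULL;
    }
}

/* Returns the record's length, or -1 if the handle was already released. */
int record_len(const struct record *r)
{
    if (r == NULL)
        return -1;
    return (int)r->len;
}

/* Demo 1: a well-formed record parses; an over-long length field is rejected.
 * Returns 1 when both checks behave as intended. */
int demo_bounds_check(void)
{
    struct record r;
    /* constructed inputs */
    const uint8_t good[] = {5, 0, 0, 0, 'h', 'e', 'l', 'l', 'o'};
    const uint8_t huge[] = {100, 0, 0, 0, 'x'};       /* claims 100 bytes */
    const uint8_t short_buf[] = {8, 0, 0, 0, 'a', 'b'}; /* claims 8, has 2 */

    if (parse_record(good, sizeof good, &r) != 0) return 0;
    if (r.len != 5 || strcmp(r.name, "hello") != 0) return 0;
    if (parse_record(huge, sizeof huge, &r) != -1) return 0;
    if (parse_record(short_buf, sizeof short_buf, &r) != -1) return 0;
    return 1;
}

/* Demo 2: after release, the stale handle is NULL and the accessor reports it.
 * Returns 1 when the post-release access is caught. */
int demo_release_check(void)
{
    struct record *h = malloc(sizeof *h);
    if (h == NULL) return 0;
    h->len = 3;
    if (record_len(h) != 3) return 0;
    record_release(&h);
    return record_len(h) == -1;   /* a raw free(h) would leave h dangling */
}

int main(void)
{
    printf("bounds check ok: %d\n", demo_bounds_check());
    printf("release check ok: %d\n", demo_release_check());
    return 0;
}
```

The two guards are the whole point: the length check is what an out-of-bounds read lacks, and nulling the owner's pointer at release is the simplest discipline that turns a silent use-after-free into a detectable failure.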
This is especially noteworthy due to the severity of the vulnerabilities and the popularity of the software. Considering the widespread use of Adobe Acrobat and Adobe Reader, attackers could easily exploit these vulnerabilities to gain escalated privileges within a network. The nature of the vulnerabilities themselves is very dangerous, and it shows that even popular software with whole development teams can have critical vulnerabilities.
Once exploited, attackers may be able to execute code within your environment under the context of the user running the program. For example, if an administrative user were running an unpatched version of Adobe Acrobat or Reader, a threat actor would have administrative rights on the machine if this vulnerability were exploited. From there, they could further penetrate the network by establishing persistence and gathering information. Once the attackers in this scenario were satisfied with their ability to regain access, they could later deploy ransomware to encrypt data and machines on the network.
The above scenario is highly likely as several software vendors within the dealership industry require that users run their applications "as an administrator." We strongly discourage you from doing this! If you have questions about how to overcome this, feel free to reach out to us.
rocketwise recommends that administrators follow the guidelines below:
For more in-depth information about the recommendations, please visit the following links:
If you have any questions, please contact our team today.