Adobe’s first round of security updates for 2019 resolve two critical vulnerabilities in the company’s Acrobat and Reader products, but administrators should not be too concerned about the flaws being exploited in the wild any time soon.
The latest versions of Acrobat DC, Acrobat Reader DC, Acrobat 2017 and Acrobat Reader DC 2017 for Windows and macOS patch a use-after-free bug that can lead to arbitrary code execution in the context of the current user (CVE-2018-16011), and a security bypass issue that can result in privilege escalation (CVE-2018-19725).
The first vulnerability was discovered by Sebastian Apelt and the second by Abdul Aziz Hariri. Both security holes were reported to Adobe via Trend Micro’s Zero Day Initiative (ZDI).
While both flaws are considered critical, Adobe has assigned them a priority rating of 2, which means exploits are not imminent and administrators are advised to install the patches within 30 days.
Adobe patched hundreds of vulnerabilities in Acrobat products last year, including one that it failed to fix properly on the first try and a zero-day flaw exploited by malicious actors for arbitrary code execution.
Related: Over 100 Vulnerabilities Patched in Adobe Acrobat, Reader
Related: Adobe Patches Code Execution, Other Flaws in Acrobat and Reader
Related: Adobe Patches 86 Vulnerabilities in Acrobat Products

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
- Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Zyxel Firewalls Hacked by Mirai Botnet
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
- Drop in Insider Breaches Drives Decline in Intrusions at OT Organizations
- Zero-Day Vulnerability Exploited to Hack Barracuda Email Security Gateway Appliances
- OAuth Vulnerabilities in Widely Used Expo Framework Allowed Account Takeovers
Latest News
- Chrome 114 Released With 18 Security Fixes
- Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
- Breaking Enterprise Silos and Improving Protection
- Spyware Found in Google Play Apps With Over 420 Million Downloads
- Millions of WordPress Sites Patched Against Critical Jetpack Vulnerability
- Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery
- PyPI Enforcing 2FA for All Project Maintainers to Boost Security
- Personal Information of 9 Million Individuals Stolen in MCNA Ransomware Attack
