Adobe May Patch Update Resolves Security Issues in Flash, Acrobat, and Reader (May 15, 2019)
Adobe resolved 84 critical or important vulnerabilities in its May patch update, the largest of which were related to “Adobe Acrobat” and “Reader DC” on Windows and Mac machines. The patch update resolves severe security issues that may lead to information disclosure or arbitrary code execution. In Acrobat and Reader, 36 bugs specific to out-of-bounds read problems, which could be exploited to leak information, were repaired. One critical update to Flash addresses a use-after-free problem that can be abused to perform arbitrary code execution in the context of the current user. Two updates were also included for Adobe Media Encoder, as well as six out-of-bounds write problems, a type confusion error, two heap overflow bugs, a buffer error, a double free issue, one security bypass, and 36 use-after-free vulnerabilities. It is recommended that users allow automatic updates and bring their software builds up to the latest version available to mitigate the risk of exploitation.
Recommendation: Your company should regularly check the software you use in everyday business practices to ensure that everything is always up-to-date with the latest security features. Using the automatic update feature in Windows operating systems is a good mitigation step to ensure that your company is always using the most recent version.