Adobe Patches Critical Flaw Twice in One Week
In a matter of days, Adobe has patched a critical information disclosure flaw in Reader twice.
Adobe has been tripping over its own patches this week.
After its original fix failed, Adobe has issued yet another patch for a critical zero-day vulnerability in its Acrobat Reader. The previous vulnerability (CVE-2019-7089) was resolved last week in Adobe’s February 12 patch release. It was described as a sensitive data leak issue which can lead to information disclosure when exploited.
Cure53 researcher, Alex Inführ, originally reported the zero-day vulnerability in Adobe Reader. The exploit could permit attackers to steal victims’ hashed password values, known as “NTLM hashes.”