Adobe Patches Critical Flaw Twice in One Week
Adobe has been tripping over its own patches this week.
After its original fix failed, Adobe has issued yet another patch for a critical zero-day vulnerability in its Acrobat Reader. The previous vulnerability (CVE-2019-7089) was resolved last week in Adobe’s February 12 patch release. It was described as a sensitive data leak issue which can lead to information disclosure when exploited.
Cure53 researcher, Alex Inführ, originally reported the zero-day vulnerability in Adobe Reader. The exploit could permit attackers to steal victims’ hashed password values, known as “NTLM hashes.”Despite an embarrassing few days, Adobe has issued a second patch (CVE-2019-7815) that will hopefully resolve the issue. This should serve as a reminder for the importance of third-party patching—ensure you never miss an update with Syxsense.