Latest News

  • ZD net
  • Micropatch released for Adobe Reader zero-day vulnerability

Source: ZD net
Rate: 5 5

See the news Micropatch released for Adobe Reader zero-day vulnerability from Source ZD net on 12/02/2019 has been updated to day with the theme on feedixo.

Micropatch released for Adobe Reader zero-day vulnerability

A micropatch has been made available to resolve a zero-day vulnerability impacting Adobe Reader which could lead to the theft of hashed password values.The vulnerability was originally disclosed by Alex Inführ on 26 January and proof-of-concept (PoC) code has been published.More security newsComparisons have been drawn between the new zero-day bug and CVE-2018-4993, the so-called Bad PDF bug which was resolved in 2018. The exploit does not rely on a software error or specific vulnerability. Instead, attackers leverage weaknesses in a content embedding feature for PDF files, according to 0patch.See also: Adobe updates Sign with Government ID Authentication featureIn this case, the problem lies within Adobe Reader DC and, if exploited, permits attackers to force a PDF file to automatically sent an SMB request to a threat actor's server the moment a document is opened.This, in turn, allows the remote theft of an NTLM hash included in the SMB request. By "phoning home," attackers are able to steal these hashed password values as well as become alerted the moment the document is opened.CNET: Trump reportedly will ban Chinese telecom equipment next weekThe zero-day is "functionally identical" to CVE-2018-4993, according to the researchers -- but is simply in a different place. "While Bad-PDF used an /F...

The news of the agency (ZD net) and site feedixo any responsibility in publishing it.

See the news Micropatch released for Adobe Reader zero-day vulnerability from Source ZD net on 12/02/2019 has been updated to day with the theme on feedixo.