Adobe Reader 0-day patch released – Update2
Last updated on: September 7, 2020
Update:
- According to recent blog posts by security researchers, the "Launch" vulnerability still appears to be exploitable.
- Didier Stevens has published a workaround for the new attack in this blog post
Original:
Yesterday Adobe released its quarterly security update for Adobe Reader and Adobe Acrobat. Adobe moved the release forward by 2 weeks because some of the vulnerabilities it addresses are currently being exploited in the wild. The release fixes the zero-day vulnerability in the embedded Flash player that Adobe ships within the Reader product and addresses 15 other vulnerabilities.
The new Adobe Reader also improves the handling of the high-profile "Launch" vulnerability and introduces changes and default settings that neuter that attack.
All Adobe users should update immediately because exploits for the vulnerability have been reported by many industry sources.
References:
- Adobe PSIRT blog entry
- Didier Stevens blog with screenshots of the launch vulnerability