There are important security updates for Adobe Acrobat and Reader. The PDF applications are attackable via two critical vulnerabilities on macOS and Windows. Hidden versions are ready for installation. The default settings should automatically update the applications. If this does not happen, you can initiate the process under the menu item “Help”. For a more efficient distribution, Admins can download Enterprise Installer from Acrobat and Reader and install the updates using several methods, such as SCUP / SCCM or SSH. The developers have closed the gaps in Acrobat DC / Reader DC (Continuous Track) 2019.010.20069, Acrobat 2017 / Reader DC 2017 2017.011.30113 and Acrobat DC / Reader DC (Classic 2015) 2015.006.30464. All previous versions are vulnerable to a warning message from Adobe.
A vulnerability (CVE-2018-16011) is designed to allow remote attackers to exploit remote authentication to execute malicious code on a victim’s user rights on computers. The second hole (CVE-2018-16018) could exploit attackers to bypass security mechanisms. Further details are currently unknown. The discovery of both vulnerabilities stems from security researchers at Trend Micro’s Zero Day Initiative.