Adobe Issues Emergency Patch Following December Miss
Adobe today issued an emergency security update, kicking off the new year with an out-of-band software fix to button up two critical flaws in Adobe Acrobat and Reader.
The advisory—Security Bulletin for Adobe Acrobat and Reader (APSB19-02)—outlines two vulnerabilities, but gives very little detail on the issues. In a more detailed advisory sent out to media, the company acknowledged two researchers, Abdul-Aziz Hariri and Sebastian Apelt, who regularly submit vulnerability research to Trend Micro's Zero Day Initiative, thanking Hariri for "his defense-in-depth contribution to hardening JavaScript API restriction bypasses."
While Adobe typically releases updates for its software on a schedule mimicking Microsoft's regular cadence of the second Tuesday of the month, the latest patch appears to be an emergency release. The company stated that its analysts are unaware of any exploitation of the vulnerabilities in the wild. "These updates address critical vulnerabilities," the company wrote in the advisory. "Successful exploitation could lead to arbitrary code execution in the context of the current user."