5/3/2023 0 Comments Adobe me patcher 1.6 download![]() It’s uncommon to see Acrobat Reader exploits in the wild these days so I decided to take a look at this one. TL DR I walk through how the attacker(s) exploited CVE-2018-4990 which is an out of bounds read in Acrobat Reader when processing specially crafted JPEG2000 images. Anton Cherepanov at ESET wrote a marketing blog post on it ( A tale of two zero-days) which was a decent, pretty poor analysis and it was missing some important things for me, such as how was the bug actually exploited? This was a zero-day exploit affecting Acrobat Reader that was recently patched by Adobe in apsb18-09. ![]() I managed to get my hands on a sample of CVE-2018-4990. Therefore I have updated my analysis of the root cause as well as the exploitation. Update! I originally titled this blog post ‘Adobe, Me and a Double Free’, however as a good friend of mine Ke Liu of Tencent’s Xuanwu LAB pointed out, this vulnerability is actually an out-of-bounds read that leads to two arbitrary free conditions.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |