Coming off the heels of February 2019’s Patch Tuesday, Adobe has discovered and patched another critical vulnerability impacting Adobe Reader and Acrobat. The latest exploit can allow hackers to access sensitive information about the current user.
The vulnerability, listed as CVE-2019-7815, addresses a bypass discovered in another Adobe patch released on Patch Tuesday – CVE 2019-7089. The impact of CVE-2019-7815 can be dramatic, as it affects both Windows and macOS systems.
Impacted Adobe products include Acrobat DC, 2017, and 2015, as well as Acrobat Reader DC, 2017, and 2015. Even if you patched Reader and Acrobat on the most recent Patch Tuesday, you will need to immediately patch again to stay secure.
The security community and malicious actors alike will always look for ways to break functionality and manipulate code to access systems. This not only makes systems more secure, but also guarantees that new patches will be issued frequently.
The biggest lesson from this Patch Tuesday revision is that patching early and often is the best way to prevent an exploit. Vendors, including Windows and Adobe, will release critical patches outside of their regular schedule if they are severe enough. That means that just patching once a month or even weekly may not catch critical changes fast enough. The more automated and comprehensive your patching strategy, the more secure your infrastructure can be.
Automox is a cloud-based patch management and endpoint protection platform that provides the foundation for a strong security framework by automating the fundamentals of security hygiene to reduce a company’s attack surface by over 80 percent. A powerful set of user-defined controls enables IT managers to filter and report on the vulnerability status of their infrastructure and intuitively manage cross-platform OS patching, third party patching, software deployment, and configuration management. To sign up for a free, 15-day trial of Automox’s cloud-based, automated patch management solution, visit www.automox.com/signup.