Adobe has just released an emergency patch for the big December flaw

The big company released a fix that absolutes the vulnerabilities present in Acrobat and Reader.
Even if Adobe releases updates for its software on a schedule cadence, this latest patch appears to be an emergency release.

This emergency security update fixes two critical flaws but doesn’t give much detail regarding the issues. The company’s spokesman only said that the company acknowledged two vulnerabilities that affected JavaScript API restrictions and also stated that for now, specialists are unaware of any exploitation of the vulnerabilities in the wild.

Remember everything can be hacked. In order to stay away from any threats related to the cyber world, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;

The first vulnerability is CVE-2018-19725 and it addresses to an incomplete fix from a previous security patch; by exploiting It a hacker can overwrite JavaScript Read-Only variables.
The second vulnerability is CVE-2018-16011. Funny in this case is the fact that the issue reached the 120-day disclosure deadline and by releasing a patch today, Adobe avoided the 0day disclosure and corrected the December poorly patched flaw.

But as always Adobe did not release details of the software components fixed by the update. The vulnerabilities are somehow similar to previous vulnerabilities investigated by the cybersecurity researchers. Both flaws are based on malicious use of a DLL library (Onix.dll) that allows indexing of content in PDF documents.

In 2018, the number of overall vulnerabilities reported by cybersecurity researchers or used by hackers increased by more than 13% to 16,518, according to the latest data from the National Vulnerability Database. Experts are saying that the vulnerability count will continue to increase throughout 2019 as more issues are retroactively reported.
Most software vendors do their best to find the most efficient way to patch a vulnerability but are failing to close off all of them, because hackers often find ways to work around the fixes.

Sadly from time to time the only way to fix the issues is to remove a feature.
For now, the only good news is that Adobe finally figured out a scientific way to fix the bugs in this cyber attack surface.

Keep in mind that our modern society is dependent on computers, mobile devices, and the use of the internet always stay safe and secured.
We would continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.