Meanwhile, Adobe has issued out-of-band security updates to address several vulnerabilities in its Acrobat Reader and Document Cloud products. The most critical vulnerability (CVE-2018-12848) is an out-of-bounds write vulnerability that could lead to arbitrary code execution. Other important vulnerabilities (CV3-2018-12801, CVE-2018-12840, CVE-2018-12849, CVE-2018-12850, CVE-2018-12775, CVE-2018-12778) are out-of-bounds read vulnerabilities that could lead to information disclosure. The vulnerabilities have not been exploited in the wild.
Trend Micro’s Zero Day Initiative (ZDI) team has also publicly disclosed a serious remote code execution vulnerability in the Microsoft JET Database engine used by several Microsoft products. There is currently no patch for the vulnerability. An attacker could exploit this vulnerability to execute code under the context of the current process, but it requires user interaction as the target has to open a malicious file containing data stored in the JET database format. Various applications use this database format. In the absence of a patch, we urge users to stay vigilant and refrain from opening files from untrusted sources.
 Another Victim of the Magecart Assault Emerges: Newegg
 [SingCERT] Alert on Critical Out-Of-Band Adobe Acrobat Vulnerability (CVE-2018-12848)
 ZDI-CAN-6135: A remote code execution vulnerability in the Microsoft Windows JET Database Engine
More Weekly Cyber Newsanalysis and insights
KrisFlyer Air Miles Sold in Dark Web Marketplaces, Chinese Police Arrest 21 Over Data Theft at Alibaba’s Delivery Arm
Fake Bitcoin Sites Use Names of Singapore Leaders to Solicit Investments, Japan’s Cryptocurrency Exchange Loses US$62 Million In Hack
SingHealth Cyber Attacker Entered Network In August Last Year, TheDarkOverLord Resurfaces With Stolen Patient Records
Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.
Ensign Systems Integration
Architecting and implementing cybersecurity solutions that bolster defences
Ensign Managed Security Services
Managing your security operations for advanced threat detection, continuous monitoring, and triage services