MUST READ

Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release

 | 

Authorities released free decryptor for Phobos and 8base ransomware

 | 

Anne Arundel Dermatology data breach impacts 1.9 million people

 | 

LameHug: first AI-Powered malware linked to Russia’s APT28

 | 

5 Features Every AI-Powered SOC Platform Needs in 2025

 | 

Broadcom patches critical VMware flaws exploited at Pwn2Own Berlin 2025

 | 

Stormous Ransomware gang targets North Country HealthCare, claims 600K patient data stolen

 | 

United Natural Foods Expects $400M revenue impact from June cyber attack

 | 

Cisco patches critical CVE-2025-20337 bug in Identity Services Engine with CVSS 10 Severity

 | 

UNC6148 deploys Overstep malware on SonicWall devices, possibly for ransomware operations

 | 

Operation Eastwood disrupted operations of pro-Russian hacker group NoName057(16)

 | 

Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network

 | 

Former US Army member confesses to Telecom hack and extortion conspiracy

 | 

CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025

 | 

DDoS peaks hit new highs: Cloudflare mitigated massive 7.3 Tbps assault

 | 

U.S. CISA adds Wing FTP Server flaw to its Known Exploited Vulnerabilities catalog

 | 

Android Malware Konfety evolves with ZIP manipulation and dynamic loading

 | 

Belk hit by May cyberattack: DragonForce stole 150GB of data

 | 

North Korea-linked actors spread XORIndex malware via 67 malicious npm packages

 | 

FBI seized multiple piracy sites distributing pirated video games

 | 

Adobe fixed multiple critical flaws in Acrobat and Reader

Pierluigi Paganini May 15, 2024

Adobe addressed multiple code execution vulnerabilities in several products, including Adobe Acrobat and Reader.

Adobe addressed multiple code execution vulnerabilities in its products, including Adobe Acrobat and Reader software

The software giant released its Patch Tuesday updates to fix 35 security vulnerabilities 12 of these issues impact Adobe Acrobat and Reader software.

The arbitrary code execution issues fixed by the company includes Use After Free, Improper Input Validation, and Improper Access Control.

Vulnerability CategoryVulnerability ImpactSeverityCVSS base scoreCVSS vectorCVE Number
Use After Free (CWE-416)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-30284
Out-of-bounds Write (CWE-787)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-30310
Use After Free (CWE-416)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-34094
Use After Free (CWE-416)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-34095
Use After Free (CWE-416)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-34096
Use After Free (CWE-416)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-34097
Improper Input Validation (CWE-20)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-34098
Improper Access Control (CWE-284)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-34099
Use After Free (CWE-416)Arbitrary code executionCritical7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVE-2024-34100
Out-of-bounds Read (CWE-125)Memory leakImportant5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NCVE-2024-30311
Out-of-bounds Read (CWE-125)Memory leakImportant5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NCVE-2024-30312
Out-of-bounds Read (CWE-125)Memory leakModerate3.3CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NCVE-2024-34101

The vulnerabilities were reported by the following experts and research team:

  • Mark Vincent Yason (markyason.github.io) working with Trend Micro Zero Day Initiative – CVE-2024-30284, CVE-2024-34094, CVE-2024-34095, CVE-2024-34096, CVE-2024-34097
  • Cisco Talos (ciscotalos)  – CVE-2024-30311, CVE-2024-30312
  • Bobby Gould of Trend Micro Zero Day Initiative – CVE-2024-30310, CVE-2024-34101
  • AbdulAziz Hariri (@abdhariri) of Haboob SA (@HaboobSa) – CVE-2024-34098, CVE-2024-34099
  • Suyue Guo and Wei You from Renmin University of China (ruc_se_sec) – CVE-2024-34100

Adobe PSIRT is not aware of attacks in the wild exploiting the above vulnerabilities.

The vulnerabilities impact versions: 24.002.20736 and earlier, and 20.005.30574 and earlier for Windows and macOS operating systems.

Adobe also fixed issues in Adobe Illustrator (APSB24-30), Adobe Aero (APSB24-33), Adobe Dreamweaver (APSB24-39), Adobe Substance 3D Painter (APSB24-31), Adobe Substance 3D Designer (APSB24-35), Adobe Animate (APSB24-36), Adobe FrameMaker (APSB24-37).

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Acrobat)

Acrobat Adobe Hacking hacking news information security news IT Information Security Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini July 19, 2025
Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release
Read more
Pierluigi Paganini July 18, 2025
Authorities released free decryptor for Phobos and 8base ransomware
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release

Hacking / July 19, 2025

Authorities released free decryptor for Phobos and 8base ransomware

Malware / July 18, 2025

Anne Arundel Dermatology data breach impacts 1.9 million people

Data Breach / July 18, 2025

LameHug: first AI-Powered malware linked to Russia’s APT28

APT / July 18, 2025

5 Features Every AI-Powered SOC Platform Needs in 2025

Security / July 18, 2025