Unit 42 Discovers Vulnerabilities in Adobe Acrobat and Reader and Foxit Reader, Shares Threat Research at Microsoft BlueHat Shanghai 2019

As part of ongoing threat research, Palo Alto Networks Unit 42 threat researchers have discovered 28 new vulnerabilities addressed by the Adobe Product Security Incident Response Team (PSIRT) as part of their May Adobe Security Bulletin APSB19-18 and five Foxit Reader vulnerabilities addressed by Foxit Software as part of their recent security update releases. The Adobe vulnerabilities discovered included 19 Critical and 9 Important rated vulnerabilities.

Unit 42 Vulnerability Research Team Discovers 23 New Vulnerabilities February 2019 Disclosures – Adobe and Microsoft

As part of Unit 42’s ongoing threat research, we can now disclose that Palo Alto Networks Unit 42 threat researchers have discovered 23 new vulnerabilities addressed by the Adobe Product Security Incident Response Team (PSIRT) as part of their February 2019 APSB19-07 security update release and 2 vulnerabilities addressed by the Microsoft Security Response Center (MSRC) as part of their February 2019 security update release.  Severity ratings ranged from Important to Critical for each of these vulnerabilities.

Unit 42 Vulnerability Research October 2018 Disclosures – Adobe

As part of Unit 42’s ongoing threat research, we can now disclose that Palo Alto Networks Unit 42 researchers have discovered ten vulnerabilities addressed by the Adobe Product Security Incident Response Team (PSIRT) as part of their October 2018 APSB18-30 security update release.   CVE Vulnerability Category Impact Maximum Severity Rating Researcher(s) CVE-2018-12769 Use After

Palo Alto Networks Researcher Discovers Four Critical Vulnerabilities in Adobe Flash Player

Palo Alto Networks was recently credited with the discovery of four new vulnerabilities affecting Adobe Flash Player. Researcher Tao Yan discovered critical vulnerabilities CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985 affecting Adobe Flash Player. Descriptions of each, as well as details on affected versions and products, are included in the Adobe Security Bulletin. Adobe has released security updates

‘DealersChoice’ is Sofacy’s Flash Player Exploit Platform

Unit 42 has reported on various Sofacy group attacks over the last year, most recently with a post on Komplex, an OS X variant of a tool commonly used by the Sofacy group. In the same timeframe of the Komplex attacks, we collected several weaponized documents that use a tactic previously not observed in use

Palo Alto Networks Discovers Two Adobe Reader Privileged JavaScript Zero-Days

We recently discovered two zero-day vulnerabilities in Adobe Reader. Adobe has since released a patch (on October 6, 2016) to fix these vulnerabilities, which are named CVE-2016-6957 and CVE-2016-6958. These vulnerabilities could allow an attacker to compromise Adobe Reader by bypassing restrictions on JavaScript API execution (CVE-2016-6957) and security provisions that prevent arbitrary execution of

Palo Alto Networks Researcher Discovers Eight Critical Vulnerabilities in Adobe Flash Player

Palo Alto Networks was recently credited with the discovery of eight new vulnerabilities affecting Adobe Flash Player. Researcher Tao Yan discovered critical vulnerabilities CVE-2016-4182, CVE-2016-4237, CVE-2016-4238, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, and CVE-2016-4285 affecting Adobe Flash Player. Descriptions of each, as well as details on affected versions and products, are included in the following Adobe Security

Palo Alto Networks Researcher Discovers Critical Vulnerabilities in Adobe Flash

Palo Alto Networks was recently credited with discovery of two new vulnerabilities affecting Adobe Flash Player. Researcher Hui Gao discovered critical vulnerabilities CVE-2015-8443 and CVE-2015-8444. Descriptions of each, as well as details on affected versions and products, are included in an Adobe Security Bulletin dated December 8, 2015. Adobe has released security updates for Adobe

Palo Alto Networks Researchers Discover Critical Vulnerabilities in Internet Explorer and Adobe Shockwave Player

Palo Alto Networks researchers have been credited with discovery of new vulnerabilities affecting Adobe Shockwave Player and Microsoft Internet Explorer. Palo Alto Networks researcher Tongbo Luo discovered a critical vulnerability in Adobe Shockwave Player affecting Shockwave versions 12.1.9.160 and earlier for Windows. The vulnerability and upgrade instructions are detailed by Adobe in a Security Bulletin