Unit 42 Discovers Vulnerabilities in Adobe Acrobat and Reader and Foxit Reader, Shares Threat Research at Microsoft BlueHat Shanghai 2019

As part of ongoing threat research, Palo Alto Networks Unit 42 threat researchers have discovered 28 new vulnerabilities addressed by the Adobe Product Security Incident Response Team (PSIRT) as part of their May Adobe Security Bulletin APSB19-18 and five Foxit Reader vulnerabilities addressed by Foxit Software as part of their recent security update releases. The Adobe vulnerabilities discovered included 19 Critical and 9 Important rated vulnerabilities.

Exploits in the Wild for WordPress Social Warfare Plugin CVE-2019-9978

Unit 42 releases new details on two vulnerabilities in Social Warfare (CVE-2019-9978). Both vulnerabilities are present in all versions of Social Warfare prior to 3.5.3: an estimated 42,000 websites are potentially vulnerable. Unit 42 researchers found five compromised sites actively used for hosting malicious exploit code, which allows the attackers to control more websites. In this blog post we provide new details on the root cause of the vulnerabilities, proof of concept code (PoC) to demonstrate the vulnerability, and information on attacks we observed in the wild as well as the scope of vulnerable sites.

Unit 42 Vulnerability Research Team Discovers 23 New Vulnerabilities February 2019 Disclosures – Adobe and Microsoft

As part of Unit 42’s ongoing threat research, we can now disclose that Palo Alto Networks Unit 42 threat researchers have discovered 23 new vulnerabilities addressed by the Adobe Product Security Incident Response Team (PSIRT) as part of their February 2019 APSB19-07 security update release and 2 vulnerabilities addressed by the Microsoft Security Response Center (MSRC) as part of their February 2019 security update release.  Severity ratings ranged from Important to Critical for each of these vulnerabilities.

Unit 42 Vulnerability Research October 2018 Disclosures – Adobe

As part of Unit 42’s ongoing threat research, we can now disclose that Palo Alto Networks Unit 42 researchers have discovered ten vulnerabilities addressed by the Adobe Product Security Incident Response Team (PSIRT) as part of their October 2018 APSB18-30 security update release.   CVE Vulnerability Category Impact Maximum Severity Rating Researcher(s) CVE-2018-12769 Use After