Adobe Reader – Security Vulnerability Re-emerges

Adobe has released yet another update to patch a serious security risk that allows an attacker to gain access to a user’s Windows login credentials.

This is Adobe’s second attempt to fix CVE-2019-7089, a vulnerability in Adobe Reader that was thought to have been patched on 12 February 2019.

The flaw was originally made public in January by Cure53 researcher Alex Inführ, who discovered how a malicious PDF could be used to trigger an SMB call-back that reveals an NTLMv2 hash. That hash could then be brute-forced, in turn revealing the user’s password. For non-technical users, this means that passwords used to access a Windows file share might be revealed to an internet-based attacker who does not have permission to access the local network. Because most end-users use the same password to log on to their network domain or PC, this security vulnerability could have a devastating impact on data protection.
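Because the leak depends on a PC making an SMB connection to a server on the internet, outbound SMB traffic in firewall logs is a practical thing to check for. The following is an added example, not part of the original article or Adobe's advisory: a Python check over constructed log lines in a hypothetical key=value format, with the internal address ranges being assumptions to adjust for your own network.

```python
import ipaddress

# Assumed internal ranges (RFC 1918, loopback, link-local, IPv6 ULA); adjust per site.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]
SMB_PORTS = {139, 445}  # NetBIOS session service and direct-hosted SMB

# Constructed firewall records in a hypothetical key=value format (documentation IPs).
SAMPLE_LOG = """\
2019-02-21T09:14:02Z src=10.0.4.17 dst=10.0.0.5 dport=445 action=allow
2019-02-21T09:14:09Z src=10.0.4.17 dst=203.0.113.45 dport=445 action=allow
2019-02-21T09:15:30Z src=10.0.4.22 dst=198.51.100.7 dport=443 action=allow
2019-02-21T09:16:11Z src=10.0.4.31 dst=198.51.100.7 dport=139 action=deny
2019-02-21T09:17:00Z src=10.0.4.40 dst=fe80::1 dport=445 action=allow
"""

def is_internal(addr):
    """True if addr falls inside one of the assumed internal ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def external_smb(log_text):
    """Return records for SMB connections whose destination is outside the internal ranges."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, *pairs = line.split()
        rec = dict(p.split("=", 1) for p in pairs)
        rec["ts"] = ts
        if int(rec["dport"]) in SMB_PORTS and not is_internal(rec["dst"]):
            hits.append(rec)
    return hits

def exposed_hosts(log_text):
    """Sources whose external SMB connection was allowed, so a hash may have left the network."""
    return sorted({r["src"] for r in external_smb(log_text) if r["action"] == "allow"})

if __name__ == "__main__":
    for r in external_smb(SAMPLE_LOG):
        print(r["ts"], r["src"], "->", r["dst"], r["dport"], r["action"])
    print("review and reset passwords for:", exposed_hosts(SAMPLE_LOG))
```

Connections marked deny were stopped at the firewall; those marked allow are the ones where a password change is worth prioritising.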

Adobe has released security updates for Adobe Acrobat Reader for Windows and macOS. These updates address a reported bypass to the fix for CVE-2019-7089 first introduced in 2019.010.20091, 2017.011.30120 and 2015.006.3047.

How to fix the Adobe Acrobat Reader security flaw

You must make sure that you have the latest version of Adobe Reader DC installed. If you think that you may have opened an infected file, we recommend that you change your password immediately. It takes no time, and instructions on how to make sure you are fully up to date are below.

Open Adobe Reader DC and, under the “Help” dropdown, choose “Check for Updates”.

Once Adobe Reader has checked for updates, make sure that it shows the following build number or higher – (19.010.20098)