On February 14, 2018, Adobe released security update APSB18-02 for its popular free app Acrobat Reader and its Acrobat software. If your business is running these programs on Windows or Mac devices, it is important to make sure the update is installed. The patch addresses 41 vulnerabilities that cybercriminals could exploit to take control of systems on those devices.

What Hackers Could Do

Adobe has rated 17 of the vulnerabilities as critical, which is its highest severity rating. If hackers are able to exploit one of these weaknesses, they can wreak havoc. What hackers could do depends on the privileges associated with the Reader or Acrobat app. For example, if the app is configured with administrative rights, cybercriminals could:

  • Install malware
  • View, change, or delete data
  • Create new accounts with full user rights

What You Should Do

If your business’s devices are running one of the affected versions of Reader or Acrobat, you should make sure that the APSB18-02 patch has been successfully installed on all the devices. Update processes occasionally fail, so it is important to check each device. If updates are not being automatically installed through Adobe’s update service or another update process, the patch needs to be manually applied.
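One way to run the per-device check described above is to compare an inventory export against the fixed version. This is an added example, not code from Adobe or from this article; the CSV layout, hostnames and version numbers are constructed, and the real minimum version must be taken from the APSB18-02 bulletin.

```python
import csv
import io

# Constructed inventory export (hostnames and versions are made up, not real
# Adobe build numbers). An empty version means the device reported nothing.
SAMPLE_INVENTORY = """host,product,version
pc-01,Acrobat Reader,2.0.10
pc-02,Acrobat Reader,2.0.9
mac-03,Acrobat,10.1.0
pc-04,Acrobat Reader,
pc-05,Acrobat,2.0.x
"""


def parse_version(text):
    """Turn '2.0.10' into (2, 0, 10); return None if it is not dotted numeric."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def audit(inventory_csv, minimum):
    """Classify each device as patched, outdated, or unverified."""
    floor = parse_version(minimum)
    if floor is None:
        raise ValueError("minimum version must be dotted numeric")
    result = {"patched": [], "outdated": [], "unverified": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        found = parse_version(row["version"] or "")
        if found is None:
            status = "unverified"  # never assume a silent device is patched
        elif found >= floor:  # numeric compare: 2.0.9 is older than 2.0.10
            status = "patched"
        else:
            status = "outdated"
        result[status].append(row["host"])
    return result


if __name__ == "__main__":
    # "2.0.10" is a constructed stand-in for the fixed version in the bulletin.
    for status, hosts in audit(SAMPLE_INVENTORY, "2.0.10").items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Devices listed as outdated or unverified are the ones to follow up on manually, since a failed or unreported update looks the same as a missing one.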

Besides making sure that your business’s devices are patched, it is a good idea to apply the principle of least privilege throughout your IT environment. In other words, you should restrict access rights for accounts, apps, systems, and services to only those permissions needed to perform authorized activities. This can help contain a cyberattack if a hacker infiltrates an app, system, or service. We can assess your IT environment to see whether this important principle is being applied.