Adobe has posted an update to addressVulnerability-related.PatchVulnerability85 CVE-listed security vulnerabilities in Acrobat and Reader for both Windows and macOS . The PDF apps have receivedVulnerability-related.PatchVulnerabilitya major update that includes dozens of fixes for flaws that would allow for remote code execution attacks if exploitedVulnerability-related.DiscoverVulnerability. Other possible attacks include elevation of privilege flaws and information disclosure vulnerabilities . Fortunately , Adobe said that none of the bugs was currently being targeted in the wild - yet . For Mac and Windows Acrobat/Reader DC users , the fixes will be presentVulnerability-related.PatchVulnerabilityin versions 2019.008.20071 . For those using the older Acrobat and Reader 2017 versions , the fix will be labeledVulnerability-related.PatchVulnerability2017.011.30105 . Because PDF readers have become such a popular target for email and web-based malware attacks , users and admins alike would do well to test and install the updates as soon as possible . Exploit-laden PDFs have for more than a decade proven to be one of the most reliable ways to put malware on someone 's machine . In total , Adobe credited 19 different researchers with discoveringVulnerability-related.DiscoverVulnerabilityand reportingVulnerability-related.DiscoverVulnerabilitythe vulnerabilities . Among the more prolific bug hunters were Omri Herscovici of CheckPoint Software , who was credited for findingVulnerability-related.DiscoverVulnerabilityand reportingVulnerability-related.DiscoverVulnerability35 CVE-listed bugs , and Ke Liu and Tencent Security Xuanwu Lab , who was credited with findingVulnerability-related.DiscoverVulnerability11 of the patched Adobe vulnerabilities . Beihang University 's Lin Wang was given credit for nine vulnerabilities . While we 're on the subject of massive security updates , both users and admins will want to mark their calendars for a week from Tuesday . October 9 is slated to be this month 's edition of the scheduled 'Patch Tuesday ' monthly security update .
A single SMS can force Samsung Galaxy devices into a crash and reboot loop , and leave the owner with no other option than to reset it to factory settings and lose all data stored on it . This is because there are certain bugs in older Samsung Galaxy phones and tablets that can be triggered via SMS , and used by attackers to force maliciously crafted configuration messages onto the users ’ device . The bugs allow these types of messages to be executed without user interaction . As the ContextIS researchers who discoveredVulnerability-related.DiscoverVulnerabilitythe vulnerabilities explained , this avenue of attack can be abused by crooks to hold users ’ devices for ransom . “ First a ransom note is sent , if ignored then the malicious configuration message can be sent , ” they noted . If the victim pays upAttack.Ransom, a configuration message can later be sent to stop the rebooting . The vulnerabilities in questionVulnerability-related.DiscoverVulnerability, CVE-2016-7988 and CVE-2016-7989 , can be triggered through SMS on the S4 , S4 Mini , S5 and Note 4 , but not on newer Samsung devices . “ It ’ s worth noting that although newer phones such as the S6 and S7 aren ’ t affected over the air , [ a similar result ] could be accomplished by a malicious app abusing CVE-2016-7988 , ” they addedVulnerability-related.DiscoverVulnerability. These specific issues are related to modifications Samsung made to to the Android telephony framework and are found in a Samsung-specific application for handling carrier messages . “ We responsibly disclosedVulnerability-related.DiscoverVulnerabilitythis to Samsung who handle the patching processVulnerability-related.PatchVulnerabilitywith carriers . We extended our standard 90 day disclosure policy to allow Samsung time to arrangeVulnerability-related.PatchVulnerabilityfor the patches to be made available , ” the researchers told Help Net Security . Whether all users of vulnerable devices have receivedVulnerability-related.PatchVulnerabilitythe patches is difficult to tell . “ The Android update process is a bit of a minefield and is well illustrated in this HTC diagram , ” they commented . They also noted that it ’ s possible that the same avenue of attack could be abused to target other devices – it all depends on how this same technology is handled by other vendors