Hello, welcome to the Wednesday, May 16th, 2018 edition of the Sandtonet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Remember how yesterday I talked about how Adobe released a PDF reader and Acrobat update, kind of surprisingly on Friday, just a couple days after

the usual patch Tuesday.

Well, it turns out that there is now working exploit code public that does affect vulnerabilities

being patched by this update, as well as vulnerabilities patched by Microsoft on

patch Tuesday. The two vulnerabilities are first of all CVE 2018 4990. This is a

code execution vulnerability in acrobat reader and secondly CVE 2018, 8120.

What apparently happened was that antivirus company ESET noticed that two PDFs were uploaded

to virus total that actually triggered these vulnerabilities.

Not clear if the actual discoverer of the vulnerabilities did

upload the files or if a victim inadvertently uploaded the files to a virus total. Given that

information about this vulnerability is now public and it wouldn't be all that hard for anybody

now to create a PDF exploiting the code

execution as well as the Burlidge escalation exploit. You should really be very careful about

PDFs in the near future and make sure that you expedite applying the patch from last Friday.

And I just checked one of the samples on Virus Total and according to Virus Total, I just

triggered a re-scan.

Only four out of 58 antivirus engines are detecting these known samples.

And then we got an interesting vulnerability that was disclosed in the Keeper

password manager API. Keeper is one of these password managers that you can use to save your

passwords in a wallet. And like many of these tools, it does provide the ability to sync passwords across different

...