The recent zero-day vulnerability CVE-2018-4990 in Adobe Reader enables attackers to perform a Remote Code Execution on targeted machines. Adobe has released a security advisory APSB18-09 on May 14, 2018 to address this issue. According to Adobe, the in-wild attack is targeted and it impacts limited Windows users.
About the vulnerability
This is a Double free vulnerability in Adobe Reader which allows attackers to perform a Remote Code Execution on targeted machines. After successful exploitation, attackers can take control of the vulnerable systems and download and execute malware on them.
Quick Heal detection
Quick Heal has released the following detection for the vulnerability CVE-2018-4990.
Quick Heal Security Labs is actively looking for new in-wild exploits for this vulnerability and ensuring coverage for them.