An unidentified hacker group appears to have accidentally exposed two fully-working zero-days when they’ve uploaded a weaponized PDF file to a public malware scanning engine. Slovak antivirus vendor ESET, who reported the issues to Adobe and Microsoft, had the issues patched within two months. The two vulnerabilities are meant to be used together and make up a so-called “exploit chain”” The Adobe zero-day is intended to provide the ability to run custom code inside Adobe Acrobat/Reader
Source: