Adobe has released security patches to over 105 vulnerabilities in Adobe Acrobat and Reader. The security updates are now available for both Windows and macOS. Many rated critical and important, Adobe warns that successful exploitation could lead to arbitrary code execution.
Security researchers at Trend Micro's Zero Day Initiative reported several of these vulnerabilities to Adobe. Writing to Wccftech, the team said that "many of the vulnerabilities patched today are related to file format parsing." Today's release raises an important question over so many bugs that were probably left unpatched for several months before they are being fixed in bulk.
"In the past, we saw Microsoft implement mitigations for certain types of vulnerabilities that shut down entire classes of bugs," ZDI’s Dustin Childs said. "To address the substantial number of bugs we continue to buy in Adobe products, they may need to take a similar approach.”
Some details of what's being fixed this month by Adobe
Latest versions of Adobe Acrobat and Reader for Windows and macOS address several security flaws, including some critical memory corruption issues that can allow remote code execution. Double free, heap overflow, use-after-free, out-of-bounds write, out-of-bounds read, type confusion, untrusted pointer dereference, and buffer error are some of the critically rated security issues being fixed with today's update.
The software maker has also issued fixes for two security flaws in Flash Player, three in Experience Manager, and another three in Connect. Flash Player version 30.0.0.134 addresses a critical type confusion issue that can lead to code execution and another bug that can lead to information disclosure.
Adobe assures that the company isn't aware of any active exploitation of these security flaws. Your Adobe product should update automatically to today's versions. However, you can also manually update them by going to Help > Check for Updates.
- For more technical details, head over to Adobe.
About the author: Rafia joined Wccftech in 2012 as a tech reporter. She is currently working on stories focusing on people and technologies that are turning Microsoft into a “company to watch” again. She is also responsible for collaborating with tech makers and e-commerce platforms to bring annoying but tempting deals to our readers.
Follow Wccftech on Google to get more of our news coverage in your feeds.
