Adobe Sends Second Wave of Security Patches Fixing Critical Flaws
In its latest wave of security patches, Adobe has sent fixes to around 50 vulnerabilities, including some critical arbitrary code execution flaws in Acrobat, Reader and Photoshop. Today's updates follow fixes of tens of vulnerabilities in Flash Player, Creative Cloud, Acrobat, and Reader that arrived on the Patch Tuesday last week.
Today's patches, however, have been assigned a priority rating of 1 while the previous lot was assigned 2, which is less likely to be exploited.
Adobe sends more fixes your way
The software maker has addressed 47 security flaws in Acrobat DC (Consumer and Classic 2015), Acrobat Reader DC (Consumer and Classic 2015), Acrobat 2017, and Acrobat Reader 2017 for Windows and macOS. These flaws include some critical flaws that could allow arbitrary code execution, along with some that could lead to information disclosure or security bypasses.
Acrobat/Reader DC version 2018.011.20040, 2017.011.30080 and 2015.006.30418 bring the fixes of the issues.
The company has also issued security updates to Photoshop CC to fix a critical out-of-bounds write vulnerability that can be exploited for remote code execution. "These updates resolve a critical vulnerability in Photoshop CC 19.1.3 and earlier 19.x versions, as well as 18.1.3 and earlier 18.x versions," the company said. "Successful exploitation could lead to arbitrary code execution in the context of the current user."
Photoshop CC 2018 version 19.1.4 and Photoshop CC 2017 version 18.1.4 bring the fix. The company acknowledged Giwan Go and Trend Micro's Zero Day Initiative (CVE-2018-4946) for reporting the bugs.
Adobe has also reminded yet again that the support for Adobe Acrobat 11.x and Adobe Reader 11.x ended on October 15, 2017. "Version 11.0.23 is the final release for Adobe Acrobat 11.x and Adobe Reader 11.x," the company wrote. "Adobe strongly recommends that you update to the latest versions of Adobe Acrobat DC and Adobe Acrobat Reader DC. By updating installations to the latest versions, you benefit from the latest functional enhancements and improved security measures."