Adobe patches dozens of critical flaws in Acrobat PDF products

Credit: ID 70139301 © Suwaruk Puajirapanich | Dreamstime.com

Adobe has released a relatively large batch of fixes for its Acrobat and Reader products, plugging up 45 critical flaws and 23 important flaws, making a grand total of 68 flaws. 

Adobe has updates available macOS and Windows systems using Acrobat DC, Acrobat Reader DC, Acrobat 2017, Reader 2017, Acrobat 2015 and Reader 2015. 

The 45 critical flaws would allow arbitrary code execution. “Successful exploitation could lead to arbitrary code execution in the context of the current user,” Adobe warned. 

The big update today follows an absence of patches which usually fall on the same day as Microsoft’s October Patch Tuesday. 

Fortunately, according to Adobe, none of the 68 Acrobat flaws are being actively exploited. Nonetheless the company is advising users and admins to install the updates. 

There’s also one more Adobe Reader-related “important” flaw in the Adobe Download Manager, a tool for assisting downloads for Reader and Flash Player for Windows. The tool had insecure file permissions that could allow an attacker to escalate privileges.     

While of the Acrobat and Reader flaws are critical, it gave the bugs a priority “2” rating for patching

Adobe also has security updates available for the Adobe Experience Manager (AEM), its set of products for managing digital content. Multiple important and moderate flaws affect versions 6.5 through to 6.0 of AEM. Updates are available for AEM versions 6.5, 6.4 and 6.3. 

“Successful exploitation could result in unauthorized access to the AEM environment,” Adobe notes.   

Read more: Adobe patches Flash, Reader, and Photoshop CC

The fourth product it has updates for is Adobe Experience Manager Forms, its product for managing and publishing digital forms.

The update addresses a stored cross-site scripting vulnerability that Adobe rated as “important” and “could result in sensitive information disclosure”.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
CSO WANTED
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags adobeacrobatreader

More about AdobeMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Liam Tung

Latest Videos

More videos

Blog Posts