In an attempt to prove its vigilance about security, Adobe has once again addressed a number of security flaws affecting Adobe Acrobat and Adobe Reader. In the Adobe October Patch update, the vendor fixed around 86 different vulnerabilities that posed a threat to these popular products. Fortunately, the vendor confirms no exploitation of the bugs.
47 Critical Vulnerabilities Fixed In Adobe October Patch
Adobe has released its scheduled Adobe October Patch update, addressing a plethora of security vulnerabilities. Precisely, they have fixed 86 different flaws that existed in the popular Adobe products Reader and Acrobat. All these vulnerabilities could allow an attacker to execute arbitrary code.
As stated in Adobe’s security bulletin,
“Adobe has released security updates for Adobe Acrobat and Reader for Windows and MacOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.”
Of these vulnerabilities, 47 received critical severity ratings. These include 22 out-of-bounds write vulnerabilities, 7 heap overflow flaws, 7 use-after-free bugs, 1 double free bug, 3 type confusion glitches, 3 buffer errors, and 3 untrusted pointer dereference flaws. All of these could lead to arbitrary code execution upon exploitation.
Moreover, 1 security bypass privilege escalation flaw also got fixed in this update.
39 Important Vulnerabilities Also Patched
In addition to the 47 critical security flaws, Adobe also released fixes for 39 important vulnerabilities, all of which could result in information disclosure. These include 36 out-of-bounds read vulnerabilities, 2 integer overflow flaws, and 1 stack overflow vulnerability.
Together, these 86 security bugs affected multiple versions of Adobe Reader and Acrobat: Acrobat DC and Acrobat Reader DC (Continuous track) versions 2018.011.20063 and earlier, Acrobat 2017 and Acrobat Reader 2017 (Classic 2017 track) versions 2017.011.30102 and earlier, and Acrobat DC and Acrobat Reader DC (Classic 2015 track) versions 2015.006.30452 and earlier. This applies to the software running on both macOS and Windows. Users can protect themselves from these glitches simply by upgrading to the latest versions.
Adobe does not shy away from patching and disclosing such a large number of vulnerabilities. Indeed, they seem more concerned about users’ security than about branding. They have a track record of fixing security flaws of different severity levels before their potential exploitation. In the previous month, Adobe patched six critical security flaws in the scheduled update. It then released another update in the same month, addressing multiple critical arbitrary code execution flaws.