In the February’s monthly scheduled updates, Adobe has once again fixed a number of security flaws. The Adobe February Patch Tuesday allegedly addressed critical vulnerabilities in Adobe Reader, alongside bringing fixes for numerous other bugs in Adobe ColdFusion, Creative Cloud Desktop app installer, and Flash Player.
43 Critical Flaws Fixed In Adobe Reader
With the Adobe February Patch Tuesday updates, Adobe Reader received fixes for tens of security flaws affecting the software. Reportedly, Adobe patched 43 critical vulnerabilities and 28 important security bugs threatening Adobe Reader DC and Acrobat DC.
Among the critical vulnerabilities, 39 security flaws could allow arbitrary code execution upon exploitation. Whereas 2 critical vulnerabilities could result in information disclosure, and 2 could lead to privilege escalation.
Regarding the 28 important vulnerabilities, all of them were out-of-bounds read bugs resulting in information disclosure.
As described in their security advisory, the vulnerabilities affected the following software versions for Windows and Mac systems.
- Acrobat DC and Acrobat Reader DC (continuous track) – versions 2019.010.20069 and earlier
- Adobe Acrobat 2017 and Acrobat Reader 2017 – versions 2017.011.30113 and earlier
- Acrobat DC and Acrobat Reader DC (Classic 2015) – versions 2015.006.30464 and earlier
Adobe has fixed these bugs in the updated versions; Acrobat DC and Acrobat Reader DC (continuous track) v.2019.010.20091, Acrobat 2017 and Acrobat Reader 2017 version 2017.011.30120, and Acrobat DC and Acrobat Reader DC (Classic 2015) v.2015.006.30475.
Other Vulnerabilities Fixed With Adobe February Patch Tuesday Updates
Apart from the bunch of security fixes for Adobe Reader and Acrobat, Adobe also patched vulnerabilities in other products. These include an important privilege escalation DLL hijacking vulnerability affecting the Creative Cloud Desktop Application (installer) for Windows, versions 4.7.0.400 and earlier, that got fixed in version 4.8.0.410, and an important out-of-bounds read information disclosure vulnerability targeting Adobe Flash Player.
Besides, Adobe also fixed a critical arbitrary code execution bug, and an important cross-site scripting in ColdFusion versions 2018, 2016 and 11.
In January, Adobe’s patch Tuesday updates only addressed vulnerabilities in Adobe Connect and Adobe Digital Editions. That did not include any fixed for Adobe Reader or Flash Player.