Adobe May Patch Tuesday updates addressed multiple security vulnerabilities in different Adobe products. Precisely, a huge number of critical security flaws flooded Adobe Reader and Acrobat. Whereas, the vendors also addressed some bugs in Adobe Flash Player and Adobe Media Encoder.
Multiple Flaws Patched In Adobe Reader And Acrobat
As disclosed in Adobe’s advisory, a large number of critical security flaws affected Adobe Reader and Acrobat. While Adobe had already fixed over 20 different security flaws in these products with April updates, this month again, the products seem somewhat flooded with security bugs.
Reportedly, this month’s update addressed 48 critical security flaws, and 35 important bugs affecting different versions of Adobe Acrobat and Adobe Reader. The critical flaws include 6 out-of-bounds write vulnerabilities, 36 use after free flaws, 1 type confusion bug, 1 buffer error, 1 double free, 1 security bypass, and 2 heap overflow vulnerabilities. Upon exploit by a potential attacker, all of these products could allow arbitrary code execution.
The important ones include 35 out-of-bounds read flaws that could result in information disclosure.
To remain protected from potential exploits, the users must ensure updating their systems to the latest patched versions released by Adobe. These include the following.
- Acrobat DC and Acrobat Reader DC (continuous track) version 2019.012.20034
- Adobe Acrobat 2017 and Acrobat Reader DC 2017 (Classic 2017) version 2017.011.30142
- Acrobat DC and Acrobat Reader DC (Classic 2015) version 2015.006.30497
Other Adobe May Patch Tuesday Fixes
Apart from the Adobe Acrobat and Reader, the vendors also fixed 2 security bugs in Adobe Media Encoder v13.0.2. These include a critical use-after-free vulnerability (CVE-2019-7842) allowing remote code execution, and an important out-of-bounds read flaw (CVE-2019-7844) leading to information disclosure. Adobe has patched the vulnerabilities with the release of Adobe Media Encoder version 13.1 for both Windows and Mac users.
In addition, Adobe also fixed a critical use after free flaw (CVE-2019-7837) affecting the Adobe Flash Player. This flaw, reported by Trend Micro’s Zero Day Initiative could allow arbitrary code execution by a potential attacker. Adobe has fixed this vulnerability in the latest Flash Player version 184.108.40.206.
Take your time to comment on this article.