Adobe sends out second wave of security updates for critical vulnerabilities

A total of 47 vulnerabilities in Adobe Reader, Acrobat, and Photoshop CC have been tackled in the new security update.

Adobe has released a large security update which tackles 47 vulnerabilities only a week after the firm's customary monthly patch round.

The latest patch update impacts Adobe Acrobat and Reader for Windows and MacOS, alongside Adobe Photoshop CC for Windows and macOS.

Security updates for Acrobat DC impact the consumer version 2018.011.20038 and earlier, as well as Classic 2015 versions 2015.006.30417 and earlier.

The consumer version of Acrobat Reader DC versions 2018.011.20038 and earlier, as well as Classic 2017 versions 2017.011.30079 and earlier, and Classic 2015 versions 2015.006.30417 and earlier are affected.

Adobe Acrobat 2017 versions 2018.011.20038 and earlier are also impacted by this security update.

In total, 24 vulnerabilities resolved in these updates are deemed critical. If exploited, successful attacks may result in arbitrary code execution in the context of the current user.

The resolved critical bugs include a double free problem, seven heap overflow vulnerabilities, 13 use-after-free bugs, a type confusion issue, an untrusted pointer dereference error and one out-of-bounds write security flaw.

In addition, Adobe has patched a plethora of out-of-bounds read, type confusion security vulnerabilities, and memory corruption problems which could lead to information leaks.

When it comes to Adobe Photoshop CC, the tech giant's security updates resolve a critical vulnerability in Photoshop CC versions 19.1.3, 19.x, 18.1.3, as well as 18.x versions and earlier.

See also: Adobe patches critical vulnerabilities in Flash, Creative Cloud

According to Adobe, exploitation of the lone out-of-bounds write bug could lead to arbitrary code execution in the context of the current user.

Adobe says that no reports have been received which suggest these vulnerabilities are being exploited in the wild.

However, users are recommended to update their builds as soon as possible.

Last week, Adobe's usual monthly patch update included security problems in Adobe Creative Cloud Desktop application, Adobe Flash Player, and Adobe Connect.

One critical type confusion vulnerability was resolved which could allow attackers to perform remote code execution in Flash.

Previous and related coverage

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All