Windows 10 or Mac user? Patch Adobe Reader and Acrobat now to fix 9 critical security flaws

Adobe releases security updates after missing its usual release aligned with Microsoft Patch Tuesday.

Adobe has released an important security update for its popular PDF products, Adobe Acrobat and Reader. 

The company has released an update for the PDF software for Windows and macOS machines. The update addresses nine critical flaws and four vulnerabilities rated as important. 

The critical flaws include an out-of-bounds write, a stack-based overflow flaw, a use-after-free, buffer overflow, and memory corruption bug. 

All the critical flaws allow for arbitrary code execution, meaning attackers could use them to rig a PDF to install malware on a computer running a vulnerable version of the software.

SEE: 10 tips for new cybersecurity pros (free PDF)

Adobe said it was not aware of any exploits in the wild for any of the issues addressed in these updates.  

Adobe notably didn't release security updates this month in line with Microsoft's Patch Tuesday as it usually does. Its February update addressed 12 critical vulnerabilities affecting its Acrobat PDF products.  

The March Patch Tuesday update from Microsoft was its largest ever, fixing 115 vulnerabilities including the wormable Windows 10 SMBv3 vulnerability that it accidentally leaked details about. Microsoft last week released an out-of-band fix for the flaw, tracked as CVE-2020-0796. 

Adobe's updates are available for Acrobat DC, Acrobat Reader DC, Acrobat 2017, Acrobat Reader 2017, Acrobat 2015 and Acrobat Reader 2015. 

SEE: Microsoft's March security update is the largest in history

The new round of security updates follows an out-of-band patch on February 20 to address a flaw affecting the Adobe Media Encoder on Windows and another affecting Adobe After Effects on Windows.

The 13 newly disclosed Acrobat flaws are tracked as CVE-2020-3795, CVE-2020-3799, CVE-2020-3800, CVE-2020-3804, CVE-2020-3806, CVE-2020-3807, CVE-2020-3803, CVE-2020-3792, CVE-2020-3793, CVE-2020-3801, CVE-2020-3802, CVE-2020-3805, CVE-2020-3797.

adobe-acrobat-flaws-march-2020.png

Adobe's security update addresses nine critical flaws and four vulnerabilities rated as important. 

Image: Adobe