Adobe fixes more arbitrary code flaws following Patch Tuesday patches
Adobe fixes more arbitrary code flaws following Patch Tuesday patches

After patching a confusion flaw in Flash last week, Adobe today issued security updates for Adobe Acrobat and Reader for Windows and MacOS.

The updates includes fixes for four critical vulnerabilities that could each allow arbitrary code execution in the context of the current user, according to the May 14 update.

The vulnerabilities included double free, a heap overflow, use-after-free, out-of-bounds write, security bypass, out-of-bounds read, type confusion, untrusted pointer dereference, memory corruption, NTLM SSO hash theft and HTTP Post new line injection via XFA submission vulnerabilities.

All of the available updates were given a priority rating of 1 and Adobe recommends users update their installation to the newest version.

Last week, Adobe patch a critical confusion vulnerability, CVE-2018-4944, found in all Flash Player versions up to 29.0.0.140 which could have also allowed for arbitrary code execution. Last year, Adobe announced it's scheduling to end Flash at the end of 2020 after a two decade run that brought us the ability to play online games, stream radio music and YouTube videos, and a host of vulnerabilities and patches.