On Tuesday, a week after fixes for Flash Player and AIR were released, Adobe published its security bulletin. The update resolved eight vulnerabilities affecting Reader and Acrobat for Windows and Macintosh platforms.
The critical vulnerabilities included a universal cross-site scripting (UXSS) flaw in Reader and Acrobat, as well as a bug that could allow denial-of-service. Memory corruption flaws, which could allow code execution, as well as a sandbox bypass vulnerability, were addressed as well with the update.
A user-after-free vulnerability allowing code execution and a heap overflow vulnerability were also plugged with the release.