Network Security, Patch/Configuration Management, Vulnerability Management

Adobe update cleans up 86 bugs in Acrobat and Reader, many critical

Adobe Systems today issued a significant update to its Acrobat and Acrobat Reader products for Windows and macOS, fixing 86 vulnerabilities, including multiple critical arbitrary code execution flaws.

The bugs consist of 22 out-of-bounds writes, 36 out-of-bounds reads, seven heap overflows, seven use-after-frees, three type confusions, one stack overflow, one double free, two integer overflows, three buffer errors, three untrusted pointer dereferences, and a security bypass.

In addition to code execution, some of these bugs can be exploited for information disclosure and privilege escalation.

The Acrobat and Reader DC products are fixed with the following versions:

  • Acrobat DC, Continuous Track, 2019.008.20071
  • Acrobat Reader DC, Continuous Track, 2019.008.20071
  • Acrobat 2017, Classic 2017 Track, 2017.011.30105
  • Acrobat Reader DC 2017, Classic 2017 Track, 2017.011.30105
  • Acrobat DC, Classic 2015 Track, 2015.006.30456
  • Acrobat Reader DC, Classic 2015 Track, 2015.006.30456
Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Related

Key cybersecurity concerns among CISOs examined

Mounting zero-day vulnerabilities, more sophisticated living-off-the-land attack techniques, and escalating extortion levels were noted by Mandiant executives to be among the most pressing cybersecurity concerns faced by chief information security officers, CyberScoop reports.

US, Australia apprehend Firebird RAT developer

The FBI and Australian Federal Police have partnered to arrest and indict an unnamed Australian who developed Firebird/Hive remote access trojan and California-based Edmond Chakhmakchyan, also known as Corruption, who allegedly marketed the RAT, according to BleepingComputer.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.