Adobe’s Patch Tuesday updates included security updates for Adobe Acrobat and Reader for Windows and Macintosh to address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
All of these vulnerabilities were rated a 2 priority meaning the updates resolved vulnerabilities in a product that has historically been at elevated risk with no known exploits.
Adobe also released patches for Experience Manager to address a cross scripting vulnerability in Apache Sling XSS protection API rated important as well as a moderate reflective cross-site scripting vulnerability, both of which could allow the disclosure of sensitive information.
“On the third-party front, Adobe has released an update for Acrobat and Reader this month,” Ivanti Director of Product Management Chris Goettl said. “APSB18-02 resolves 41 total vulnerabilities (CVEs) and 17 of those are rated Critical, but the more concerning release from Adobe this month was the February 6th update to Adobe’s Flash Player that resolved a Zero Day vulnerability being used to target South Korea.”
He went on to say both Adobe releases should be top of the priority list this month.