Adobe had a jumbo-sized May Patch Tuesday that addressed 85 vulnerabilities in just two products, including 49 rated as critical, including a critical patch for Flash Player.
The Flash Player advisory covered CVE-2019-7837, a use after free flaw that could lead to arbitrary code execution in Flash Player for Windows, macOS, Linux and ChromeOS.
The critical issues addressed by Adobe’s advisory were found in Adobe Acrobat and Reader for Windows and macOS and were classified as out-of-bounds write, type confusion, use after free, heap overflow, buffer error, double free and security bypass flaws. All of these can lead to remote code execution, if exploited.
The 36 vulnerabilities rated as important are all centered on an out-of-bounds read issue that could lead to information disclosure, if exploited.
Adobe said that none of the critical or important vulnerabilities are being exploited in the wild. Patches are available and should download automatically.