Patch/Configuration Management, Vulnerability Management

Adobe Reader and Acrobat in the spotlight for Patch Tuesday updates


Adobe’s May Patch Tuesday security update contained 24 vulnerabilities in Acrobat and Acrobat Reader and another dozen in the Adobe DNG Software Development Kit.

The patches, of which 12 are rated critical, cover Acrobat DC, Acrobat Reader DC, Acrobat 2017, Acrobat Reader 2017, Acrobat 2015 and Acrobat Reader 2015 for Windows and macOS.

Adobe is not aware at this time of any issue being exploited in the wild.

The critical vulnerabilities consist of heap overflow, race condition, out-of-bounds write, security bypass, buffer error and use-after-free flaws that, if exploited, could lead to arbitrary code execution, information disclosure or security bypass. Updates can be found here.

The 12 security issues addressed in Adobe DNG Software Development Kit contained four rated critical, with the remainder considered important. The critical vulnerabilities are all related to a heap overflow problem that can result in arbitrary code execution. Updates can be found here.

Adobe also pushed out security updates on April 29 when the company patched 21 critical vulnerabilities in Illustrator and Bridge.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.