Patch/Configuration Management, Vulnerability Management

Adobe releases surprise update week after Patch Tuesday

Adobe has released a set of security updates for Adobe Acrobat and Reader for Windows and MacOS to address several critical and important vulnerabilities that could lead to arbitrary code execution in the context of the current user.

Acrobat DC (Continuous), Acrobat Reader DC (Continuous), Acrobat 2017 (Classic 2017), Acrobat Reader 2017 (Classic 2017), Acrobat DC (Classic 2015) and Acrobat Reader DC (Classic 2015) products are all affected, according to the Security Bulletin.

Adobe Utah facility
Adobe Utah facility

The update address seven flaws and comes just a week after Adobe’s regularly scheduled Patch Tuesday which addressed seven critical patches.

The most recent update includes a critical (CVE-2018-12848) out-of-bounds write vulnerabilities and six more important out-of-bounds write vulnerabilities (CVE-2018-12849, CVE-2018-12850, CVE-2018-12801, CVE-2018-12840, CVE-2018-12778, CVE-2018-12775) that could enable information disclosure.

There are currently no known exploits in the wild for any of these flaws but Adobe still recommends users update their systems as soon as possible.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.