Adobe Systems today released an unscheduled security update for Acrobat and Reader for both the Windows and MacOS operating systems, fixing two critical vulnerabilities in the process.

The San Jose, Calif.-based software company identified the issues as a use-after-free bug that can result in arbitrary code execution (CVE-2018-16011) and a security bypass flaw that can lead to privilege escalation (CVE-2018-19725). The classic 2015, classic 2017 and continuous track versions are all affected, and each has been patched.

Sebastian Apelt and Abdul Aziz Hariri of Trend Micro's Zero Day Initiative are credited with spotting CVE-2018-16011 and CVE-2018-19725, respectively.