This Patch Tuesday, Adobe has published a security bulletin for Adobe Acrobat and Reader to address critical and important vulnerabilities, which could lead to arbitrary code execution in the context of the current user.
The vulnerabilities include five Critical arbitrary code execution flaws, a Critical privilege escalation flaw, and three Important Information Disclosure flaws, according to the advisory.
The updates address 87 CVE vulnerabilities addressing buffer errors, Untrusted pointer deference, security bypass, use after free,out-of-bounds write, heap overflow, out-of-bounds read, integer overflow, and security bypass vulnerabilities.
Affected products include numerous versions of Acrobat DC, Acrobat Reader DC, Acrobat 2017, and AcrobatReader 2017 on Windows and macOS platforms.
Adobe recommends users update their software installations to the latest versions either manually, automatic update, downloading the patches from the Acrobat Reader Download Center or in the case of IT administrators, update via enterprise installers or install updates via their preferred methodology.
