Adobe's November Patch Tuesday made up for October when nothing was issued, with an offering that included 83 patches, including fixes for five critical-rated issues in Flash Player. Reader and Acrobat, by themselves, generated more than five dozen CVEs.
The critical Flash Player patches cover CVE-2017-3112, CVE-2017-3114, CVE-2017-11213, CVE-2017-11215 and CVE-2017-11225, all of which could allow for remote code execution if left unfixed.
The Acrobat and Reader updates cover 62 separate issues, with many rated as critical due to the possibility of remote code execution, if left unpatched.
“...It's quite a big month for Adobe, who...issued advisories across nine separate products. Given the prevalence of PDF documents, administrators should take a close look at whether Adobe software in their environment is up to date,” Greg Wiseman, Rapid7's senior security researcher, told SC Media.
While the other product categories did not require as many patches, each had at least one critical issue.
- PhotoShop: two critical bugs, one a use-after-free flaw and the other a memory corruption. Both could lead to remote code execution.
- Shockwave: one critical flaw.
- Digital Editions: six problems, one considered critical.
- InDesign: one critical flaw was noted.
- Adobe DNG Converter: one critical vulnerability.
- Connect: five security issues, one rated critical.
