Adobe has released a set of security updates for Adobe Acrobat and Reader for Windows and MacOS to address several critical and important vulnerabilities that could lead to arbitrary code execution in the context of the current user.
Acrobat DC (Continuous), Acrobat Reader DC (Continuous), Acrobat 2017 (Classic 2017), Acrobat Reader 2017 (Classic 2017), Acrobat DC (Classic 2015) and Acrobat Reader DC (Classic 2015) products are all affected, according to the Security Bulletin.
The update address seven flaws and comes just a week after Adobe’s regularly scheduled Patch Tuesday which addressed seven critical patches.
The most recent update includes a critical (CVE-2018-12848) out-of-bounds write vulnerabilities and six more important out-of-bounds write vulnerabilities (CVE-2018-12849, CVE-2018-12850, CVE-2018-12801, CVE-2018-12840, CVE-2018-12778, CVE-2018-12775) that could enable information disclosure.
There are currently no known exploits in the wild for any of these flaws but Adobe still recommends users update their systems as soon as possible.