Adobe has announced an important patch for its Acrobat and Reader solutions and is advising users to update ASAP. Both products are receiving a batch of bug fixes. In total, 45 critical flaws and 23 important flaws have been shored up in this release.
According to Adobe, the updates are available on Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2017, Reader 2017, Acrobat 2015 and Reader 2015. Looking at the critical flaws, the company says they would give bad actors the ability to run arbitrary code executions on the services.
“Successful exploitation could lead to arbitrary code execution in the context of the current user,” the software giant warns.
Adobe’s monthly patch is later than normal. The company typically patches its services to coincide with Microsoft’s Patch Tuesday. However, Microsoft rolled out its October Patch Tuesday a week ago.
Luckily, Adobe has confirmed none of the 68 flaws that were patched have been exploited in the wild. Still, as usual the company is telling users to update as soon as possible to avoid problems down the road.
Adobe does say there is another important Reader flaw. Specifically, the Download Manage, which is used to help download Reader and Flash Player on Windows. The company says the feature was sending insecure file permissions which could give hackers more system privileges.
“Successful exploitation could result in unauthorized access to the AEM environment,” Adobe notes.
Back in September, Microsoft and Adobe announced Microsoft Intune now integrates with Reader. On iOS and Android, Intune’s application protection is enabled without the need for additional software.
“Anyone using the latest version of the standard Acrobat Reader app will now have the industry-leading protection of Intune when handling their corporate documents and forms on mobile devices,” explained Microsoft CVP Brad Anderson in a blog post.