
Adobe is closing out the year with a December Patch Tuesday update that addresses a massive number of security vulnerabilities in just its two PDF apps, more than double the number Microsoft patched this month across its several products.

Adobe today released patches for 87 vulnerabilities affecting its Acrobat and Reader software products for both macOS and Windows operating systems, of which 39 are rated as critical and 48 important in severity.

The security update comes less than a week after Adobe released patches for a critical zero-day vulnerability (CVE-2018-15982) in Flash Player that was being actively exploited in a targeted attack against a Russian state health care institution.

The critical vulnerabilities addressed today in Acrobat and Reader include three heap-overflow bugs, five out-of-bounds write flaws, two untrusted pointer dereference issues, two buffer errors, and 24 use-after-free bugs.

Upon successful exploitation, all of the above critical vulnerabilities would allow an attacker to execute arbitrary code on compromised computers.

The remaining three critical-rated issues addressed this month are all security bypass issues which, if exploited, would lead to privilege escalation.

In addition to the critical bugs, Adobe patched 48 ‘important’ security flaws in Acrobat and Reader, including 43 out-of-bounds read issues, four integer overflow flaws, and two security bypass issues, all of which could lead to information disclosure.

According to the company’s support website, vulnerabilities rated as important, “if exploited would compromise data security, potentially allowing access to confidential data, or could compromise processing resources in a user’s computer.”
