Security

Haven't updated your Adobe PDF software lately? Here's 85 new reasons to do it now

Acrobat, Reader get patched up against dozens of new holes

47 Got Tips?

Adobe has posted an update to address 85 CVE-listed security vulnerabilities in Acrobat and Reader for both Windows and macOS.

The PDF apps have received a major update that includes dozens of fixes for flaws that would allow for remote code execution attacks if exploited. Other possible attacks include elevation of privilege flaws and information disclosure vulnerabilities.

Fortunately, Adobe said that none of the bugs was currently being targeted in the wild - yet.

Whoa, is it Patch Tuesday already? No, just an unexpected critical Photoshop fix

READ MORE

For Mac and Windows Acrobat/Reader DC users, the fixes will be present in versions 2019.008.20071. For those using the older Acrobat and Reader 2017 versions, the fix will be labeled 2017.011.30105.

Because PDF readers have become such a popular target for email and web-based malware attacks, users and admins alike would do well to test and install the updates as soon as possible. Exploit-laden PDFs have for more than a decade proven to be one of the most reliable ways to put malware on someone's machine.

In total, Adobe credited 19 different researchers with discovering and reporting the vulnerabilities. Among the more prolific bug hunters were Omri Herscovici of CheckPoint Software, who was credited for finding and reporting 35 CVE-listed bugs, and Ke Liu and Tencent Security Xuanwu Lab, who was credited with finding 11 of the patched Adobe vulnerabilities. Beihang University's Lin Wang was given credit for nine vulnerabilities.

While we're on the subject of massive security updates, both users and admins will want to mark their calendars for a week from Tuesday. October 9 is slated to be this month's edition of the scheduled 'Patch Tuesday' monthly security update.

In addition to the normally hefty Microsoft load of fixes for vulnerabilities in Windows, Edge, Internet Explorer, and Office, the Patch Tuesday dump also usually includes a number of fixes from Adobe for products like Flash Player. ®

Sign up to our NewsletterGet IT in your inbox daily

47 Comments

Keep Reading

Microsoft Defender casts a jaundiced eye over Citrix, slams services in quarantine on suspicion of being malware

You say broker, I say trojan, let's call the whole thing off

Photostopped: Adobe Cloud evaporates in mass outage. Hope none of you are on a deadline, eh?

More than dozen services down, customers left unable to work

Fret not, Linux fans, Microsoft's Project Freta is here to peer deep into your memory... to spot malware

Shining a Rust-based forensic light into the darker corners of images

Microsoft uses its expertise in malware to help with fileless attack detection on Linux

Aw, how generous

Researchers reckon 500k PCs infested with malware after dodgy downloads install even more nasties from Bitbucket

That 'free' Adobe or Microsoft software isn't all it's cracked up to be, eh?

With no viable alternatives, big names flock to Adobe's cloudy wares amid global pandemic

The new normal is all right for some

It's July 2020, and your PC or Mac can be pwned by a dodgy Photoshop file – Adobe emits critical patch batch

Major fixes for Bridge and Prelude, too, plus Reader Android updated

The Adobe Flash Farewell Tour 2020: LibreOffice to axe export support for .SWF in version 7

Another one bites the dust

Adobe debuts disk-cleaning tool cleverly disguised as an arbitrary file deletion bug in Creative Cloud on Windows

Patch this flaw, unless you want random docs to wipe out your work

We spent way too long on this Microsoft, Intel, Adobe, SAP, Red Hat Patch Tuesday article. Just click on it, pretend to read it, apply updates

Patch Tuesday Please, thanks, good show, cheers, ta

Tech Resources

Navigating the New Era of Cloud Computing

Hear from Steve Sibley, VP of Offering Management for IBM Power Systems about how IBM Power Systems can enable hybrid cloud environments that support “build once, deploy anywhere” options.

Simplifying Hybrid Cloud Flash Storage

According to industry analysts, a critical element for secure hybrid multicloud environments is the storage infrastructure.

Accelerate Your Journey to the Cloud

Increasingly, enterprises are looking to the cloud to run their core mission-critical systems and the cloud is often the primary platform for launching new applications.

Speed NAS & Cloud Data Migrations: Elastic Data Migration

Migrating data into faster, flash-based NAS and cloud storage can be tough. Learn how to migrate large production data sets quickly, and without errors or user disruption with …