
Haven't updated your Adobe PDF software lately? Here's 85 new reasons to do it now

Acrobat, Reader get patched up against dozens of new holes


Adobe has posted an update to address 85 CVE-listed security vulnerabilities in Acrobat and Reader for both Windows and macOS.

The PDF apps have received a major update that includes dozens of fixes for flaws that would allow remote code execution if exploited. Other fixes address elevation of privilege and information disclosure vulnerabilities.

Fortunately, Adobe said that none of the bugs was currently being targeted in the wild - yet.

For Mac and Windows Acrobat/Reader DC users, the fixes will be present in version 2019.008.20071. For those using the older Acrobat and Reader 2017 versions, the fix will be labeled 2017.011.30105.

Because PDF readers have become such a popular target for email and web-based malware attacks, users and admins alike would do well to test and install the updates as soon as possible. Exploit-laden PDFs have for more than a decade proven to be one of the most reliable ways to put malware on someone's machine.

In total, Adobe credited 19 different researchers with discovering and reporting the vulnerabilities. Among the more prolific bug hunters were Omri Herscovici of Check Point Software, who was credited for finding and reporting 35 CVE-listed bugs, and Ke Liu of Tencent Security Xuanwu Lab, who was credited with finding 11 of the patched Adobe vulnerabilities. Beihang University's Lin Wang was given credit for nine vulnerabilities.

While we're on the subject of massive security updates, both users and admins will want to mark their calendars for a week from Tuesday. October 9 is slated to be this month's edition of the scheduled 'Patch Tuesday' monthly security update.

In addition to the normally hefty Microsoft load of fixes for vulnerabilities in Windows, Edge, Internet Explorer, and Office, the Patch Tuesday dump also usually includes a number of fixes from Adobe for products like Flash Player. ®
