Delayed Adobe patches fix long list of critical flaws

2020-03-19 11:22

Obscured by a long list of Microsoft patches and some fuss about a missing SMB fix, the answer is Adobe, which normally times its update cycle to coincide with the OS giant's monthly schedule.

It's mostly a practical convenience - admins and end-users get all the important client patches at once, which includes Adobe's ubiquitous Acrobat and Reader software.

It's not clear what caused the delay although it might simply be their number and the need to finalise patches before making them public.

A similar concentration of CWE-119 weaknesses is true for many of the critical flaws in Photoshop.

Most of the Acrobat/Reader flaws allow arbitrary code execution which would be exploited by persuading users to open a malicious PDF, so these should be patched as soon as possible.

News URL

https://nakedsecurity.sophos.com/2020/03/19/delayed-adobe-patches-fix-long-list-of-critical-flaws/

#adobe #critical

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Adobe		112	77	1333	1988	640	4038