Security News

Adobe has released security updates to address vulnerabilities classified as 'Important' in Adobe Reader for Android and Adobe Connect. Adobe advises all customers to update the vulnerable products to the latest versions as soon as possible to block attacks that could attempt to exploit unpatched installations.

Adobe on Tuesday published updated versions of its Acrobat and Reader software to fix fourteen flaws, four of which have been designated "Critical." These updates should be installed as soon as possible to close off their vulnerabilities. Adobe generally issues patches on "Patch Tuesday," a date observed by many tech companies that falls on the second Tuesday of every month.

Adobe on Tuesday informed customers that it has patched over a dozen vulnerabilities in its Acrobat products, including critical flaws that can be exploited for arbitrary code execution. The company says it has fixed a total of 14 security holes in the Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017, and Acrobat Reader 2017.

Adobe has fixed critical-severity flaws tied to four CVEs in the Windows and macOS versions of its Acrobat and Reader family of application software services. These critical flaws include a heap-based buffer overflow, an out-of-bounds write glitch and two use-after-free flaws.

Adobe has released security updates to address critical severity vulnerabilities affecting Adobe Acrobat and Reader for Windows and macOS that could enable attackers to execute arbitrary code on vulnerable devices. Adobe categorized the security updates as priority 2 updates, which means that they address vulnerabilities with no public exploits in products that have "historically been at elevated risk."

Adobe announced on Monday that it has appointed Mark Adams as its new chief security officer. Adams will report to Abhay Parasnis, Adobe's chief technology officer, and he will be responsible "for security-related decisions across the company, leading the teams responsible for the security of Adobe's infrastructure, products and services, as well as teams dedicated to security incident response and communications."

Worse still, Flash bugs seemed to show up very frequently as zero-days, the jargon term for exploitable security holes that are found by attackers before a patch is available, thus leaving even the most disciplined and swift-acting system administrators with zero days during which they could have been ahead of the crooks. If anything showed that Adobe's heart hasn't really been in Flash for many years, it was the story of how Apple banned Flash from the iPhone in 2010.

Microsoft has released the KB4577586 update to remove Adobe Flash from Windows and prevent it from being installed again. In September 2020, Microsoft announced that an optional update would be released in the fall to uninstall Adobe Flash Player and prevent it from being installed again on the same device.

Adobe has released 18 out-of-band security patches in 10 different software packages, including fixes for critical vulnerabilities that stretch across its product suite. There are 16 critical bugs, all of which allow arbitrary code execution in the context of the current user.

Adobe on Tuesday announced that it has released security updates for 10 of its products, patching a total of 20 vulnerabilities. In the Windows and macOS versions of Illustrator, Adobe fixed 7 critical vulnerabilities that can lead to arbitrary code execution in the context of the current user.