Adobe fixes 47 critical flaws in Acrobat and Reader

Adobe has released security updates for Adobe Acrobat and Reader, and they fix a prodigious amount of critical (47) and important (39) vulnerabilities affecting both software packages.

The updates are available for Windows and MacOS and Adobe advises implementing them sooner rather than later.

There are currently no known exploits for any of them, but they can lead to arbitrary code execution, privilege escalation and information disclosure through products that have historically been at elevated risk.

About the vulnerabilities

Vulnerabilities in PDF readers are a popular target for miscreants looking to drop malware and compromise systems, and Adobe Reader is still among the most widely used software of that kind.

Successful exploitation of many of the vulnerabilities fixed with these updates could lead to arbitrary code execution in the context of the current user, which can result in partial or total system compromise.

All of the vulnerabilities were reported by outside researchers, either by directly contacting Adobe or through Trend Micro’s Zero Day Initiative or iDefense Labs’ Vulnerability Contributor Program (VCP).

Omri Herscovici of CheckPoint Software is the researcher who flagged most of the vulnerabilities by far: 35.

Adobe advises Acrobat DC and Acrobat Reader DC users to upgrade to version 2019.008.20071, Acrobat 2017 and Acrobat Reader DC 2017 users to upgrade to version 2017.011.30105, and Acrobat DC 2015 and Acrobat Reader DC 2015 to upgrade to version 2015.006.30456.