“The worst of these vulnerabilities could allow an attacker to completely take control of an affected system.”Īdobe also fixed seven arbitrary code execution flaws in the Windows version of its Shockwave Player, which is its multimedia platform for building interactive multimedia applications and video games. “The patch for Acrobat corrects 21 different CVEs,” said Dustin Childs, with Trend Micro’s Zero-Day Initiative, in a Patch Tuesday analysis. These flaws exist in Acrobat Reader DC (2019.010.20098 and earlier versions), Acrobat Reader 2017 (2017.011.30127 and earlier versions) and Acrobat Reader DC Classic 2015 (2015.006.30482 and earlier versions) for Windows and macOS. “Successful exploitation could lead to arbitrary code execution in the context of the current user.” These updates address critical and important vulnerabilities,” said Adobe in its update. “Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. Acrobat Reader, Adobe’s family of products allowing users to create and manage PDF files, had the bulk of security flaws that were patched, with 21 vulnerabilities overall, 11 of which were critical arbitrary code execution flaws. The company said that none of the vulnerabilities are currently being exploited in the wild. Overall, Adobe issued fixes for 43 different CVE numbers across eight different products, Tuesday, as part of a regularly-scheduled monthly security update. Adobe has fixed 24 critical arbitrary code execution vulnerabilities across multiple products, including Acrobat Reader, Adobe Flash, and Adobe Shockwave Player.
0 kommentar(er)
