Security

Haven't updated your Adobe PDF software lately? Here's 85 new reasons to do it now

Acrobat, Reader get patched up against dozens of new holes

By Shaun Nichols in San Francisco

45 SHARE

Adobe has posted an update to address 85 CVE-listed security vulnerabilities in Acrobat and Reader for both Windows and macOS.

The PDF apps have received a major update that includes dozens of fixes for flaws that would allow for remote code execution attacks if exploited. Other possible attacks include elevation of privilege flaws and information disclosure vulnerabilities.

Fortunately, Adobe said that none of the bugs was currently being targeted in the wild - yet.

Whoa, is it Patch Tuesday already? No, just an unexpected critical Photoshop fix

READ MORE

For Mac and Windows Acrobat/Reader DC users, the fixes will be present in versions 2019.008.20071. For those using the older Acrobat and Reader 2017 versions, the fix will be labeled 2017.011.30105.

Because PDF readers have become such a popular target for email and web-based malware attacks, users and admins alike would do well to test and install the updates as soon as possible. Exploit-laden PDFs have for more than a decade proven to be one of the most reliable ways to put malware on someone's machine.

In total, Adobe credited 19 different researchers with discovering and reporting the vulnerabilities. Among the more prolific bug hunters were Omri Herscovici of CheckPoint Software, who was credited for finding and reporting 35 CVE-listed bugs, and Ke Liu and Tencent Security Xuanwu Lab, who was credited with finding 11 of the patched Adobe vulnerabilities. Beihang University's Lin Wang was given credit for nine vulnerabilities.

While we're on the subject of massive security updates, both users and admins will want to mark their calendars for a week from Tuesday. October 9 is slated to be this month's edition of the scheduled 'Patch Tuesday' monthly security update.

In addition to the normally hefty Microsoft load of fixes for vulnerabilities in Windows, Edge, Internet Explorer, and Office, the Patch Tuesday dump also usually includes a number of fixes from Adobe for products like Flash Player. ®

Sign up to our NewsletterGet IT in your inbox daily

45 Comments

More from The Register

Microsoft emergency update: Malware Engine needs, erm, malware protection

Stop appreciating the irony and go install the patch now

Intel, Microsoft, Adobe release a swarm of bug fixes to ruin your week

Massive patch dump with 112 fixes... and that's just for the Photoshop giant

Exploit kit development has gone to sh$t... ever since Adobe Flash was kicked to the curb

Coinkidink? Nah. Crooks are switching tactics

Adobe forks out $4.75bn for Marketo in massive marketing mashup move

Deal puts pressure on competitors

Patch or ditch Adobe Flash: Exploit on sale, booby-trapped Office docs spotted in the wild

ThreadKit leverages flaw fixed in February

Adobe chatting up Marketo – reports

Fancies slipping automated marketing software biz into its portfolio

Microsoft offloads networking to FPGA-powered NICs

This is how Azure just hit 30Gbps of throughput – and how clouds are being built now

Adobe on internal systems security hole: Panic not. It isn't critical

Researcher: Well, I think you'll find....

Adobe acquires Magento to go B2B2C and beyond

Experience Cloud to add commerce and content management facilities

On the edge of its seats: Cloud rains down even more cash on Adobe

You'll eat our subs model... and our bottom line will expand. See how this works?