Security

Haven't updated your Adobe PDF software lately? Here's 85 new reasons to do it now

Acrobat, Reader get patched up against dozens of new holes

By Shaun Nichols in San Francisco

47 SHARE

Adobe has posted an update to address 85 CVE-listed security vulnerabilities in Acrobat and Reader for both Windows and macOS.

The PDF apps have received a major update that includes dozens of fixes for flaws that would allow for remote code execution attacks if exploited. Other possible attacks include elevation of privilege flaws and information disclosure vulnerabilities.

Fortunately, Adobe said that none of the bugs was currently being targeted in the wild - yet.

Whoa, is it Patch Tuesday already? No, just an unexpected critical Photoshop fix

READ MORE

For Mac and Windows Acrobat/Reader DC users, the fixes will be present in versions 2019.008.20071. For those using the older Acrobat and Reader 2017 versions, the fix will be labeled 2017.011.30105.

Because PDF readers have become such a popular target for email and web-based malware attacks, users and admins alike would do well to test and install the updates as soon as possible. Exploit-laden PDFs have for more than a decade proven to be one of the most reliable ways to put malware on someone's machine.

In total, Adobe credited 19 different researchers with discovering and reporting the vulnerabilities. Among the more prolific bug hunters were Omri Herscovici of CheckPoint Software, who was credited for finding and reporting 35 CVE-listed bugs, and Ke Liu and Tencent Security Xuanwu Lab, who was credited with finding 11 of the patched Adobe vulnerabilities. Beihang University's Lin Wang was given credit for nine vulnerabilities.

While we're on the subject of massive security updates, both users and admins will want to mark their calendars for a week from Tuesday. October 9 is slated to be this month's edition of the scheduled 'Patch Tuesday' monthly security update.

In addition to the normally hefty Microsoft load of fixes for vulnerabilities in Windows, Edge, Internet Explorer, and Office, the Patch Tuesday dump also usually includes a number of fixes from Adobe for products like Flash Player. ®

Sign up to our NewsletterGet IT in your inbox daily

47 Comments

More from The Register

Microsoft crams Office 365 docs into Edge-style sandboxes to thwart malware infections

Ignite Your guide to some of the security enhancements announced this week

Don't be so Maduro: Adobe backs down (a little) on Venezuela sanctions blockade

Media giant says it can now pay back subscription fees

Take a dip in our joint data lake, 'seamlessly' hoover up intel on customers – Microsoft, SAP and Adobe

Tech trio put Accenture, EY, WPP on advisory council for 'Open Data Initiative'

Hot patches for ColdFusion: Adobe drops trio of fixes for three serious flaws

While you're at it, fix Java too

Meet the Great Duke of... DLL: Microsoft shines light on Astaroth, a devilishly sneaky strain of fileless malware

DLL or no DLL?

It's raining patches, Hallelujah! Microsoft and Adobe put out their latest major fixes

Updated Hefty patch Tuesday checks in at just under 100 CVEs

Fancy a fondleslab dab? Adobe pulls oilcloth off new iPad-first Fresco painting, drawing app

Photoshop-compatible files, 3 types of brushes in touchy app

This may shock you but Adobe is shipping insecure software. No, it's not Flash this time. Nope, not Acrobat, either

Mobile app SDKs sport dodgy crypto defaults, set bad examples – updates available

Time to check who left their database open and leaked 7.5m customer records: Hi there, Adobe Creative Cloud!

No passwords, banking details, but enough info to convincingly phish someone

Google goes full Anti-Flash-ist, boots Adobe's insecure monstrosity out of web search index

Crawler bots to snub animated content starting this year

Whitepapers

Accelerate and Modernize Your SQL Server Deployments

Learn how Intel® Select Solutions for SQL Server are designed to enable simplified deployments and optimized performance for SQL Server environments.

Defending Against the Siege of Ransomware

Ransomware is big business. But to win the war against this cyber threat, without paying a king’s ransom, you need a strong defense.

Data Protection for the Enterprise with Commvault and HPE

To succeed in the enterprise space, vendors need to deliver a strong set of features that will also integrate with the underlying infrastructure.

How data architecture drives cloud transformation

You’re looking to move to the cloud because you know just how powerful the model can be. You’ve seen what you can make possible, if you harness the wealth of data now available to your applications. You’re looking to deliver on your digital transformation goals, respond to new business opportunities and disrupt your entire market.