Adobe today patched 17 vulnerabilities in Acrobat and Reader, all of which the vendor rated as critical and warn could allow an attacker to commandeer the underlying system.
Adobe said desktop versions of Acrobat and Reader XI (11.0.13), for Windows and Macintosh, are affected, as are Acrobat and Reader DC (15.009.20077 and 15.006.30097).
None of the vulnerabilities are being attacked in the wild, Adobe said.
All but one of the 17 vulnerabilities, Adobe said, could lead to code execution. The update patches five use-after-free vulnerabilities, a double-free flaw and nine memory corruption vulnerabilities.
Adobe also updated its Adobe Download Manager, patching a vulnerability in the directory search patch used to find resources. That flaw could also lead to code execution.