Adobe Patches Code Execution Flaws in Reader, Acrobat

Adobe today patched 17 remote code execution vulnerabilities in Acrobat and Reader.

Adobe today patched 17 vulnerabilities in Acrobat and Reader, all of which the vendor rated as critical and warned could allow an attacker to commandeer the underlying system.

Adobe said desktop versions of Acrobat and Reader XI (11.0.13), for Windows and Macintosh, are affected, as are Acrobat and Reader DC (15.009.20077 and 15.006.30097).

None of the vulnerabilities are being attacked in the wild, Adobe said.

The update is a relatively small one for Acrobat and Reader; the last few released by Adobe have saddled admins with patches for dozens of vulnerabilities in the software.

All but one of the 17 vulnerabilities, Adobe said, could lead to code execution. The update patches five use-after-free vulnerabilities, a double-free flaw and nine memory corruption vulnerabilities.

The update also patches a vulnerability where an attacker could bypass restrictions on JavaScript API execution.

Adobe also updated its Adobe Download Manager, patching a vulnerability in the directory search path used to find resources. That flaw could also lead to code execution.
