On the same day that Microsoft unleashed a torrent of 34 patches on its customer base, Adobe on Tuesday published patches for 29 vulnerabilities in its Acrobat and Reader products as part of its new quarterly patch release program.
The Adobe vulnerabilities patched yesterday include a remote code-execution vulnerability found in Adobe Reader and Acrobat that is already being used by attackers. The flaw is a heap overflow and the SANS Internet Storm Center reports that it has been under attack in the wild since last week. Adobe’s security team said that there are some mitigations that can protect customers against the attacks, even before the patch is installed.
Adobe has rated the huge batch of fixes as critical and recommends that customers install the package immediately.