Adobe has released patches for 84 serious vulnerabilities all over its Adobe Flash Player and Acrobat Reader items as part of its regular updates scheduled for this month, which could lead to a random code completion regarding the current user. The company said that it doesn’t have knowledge of other flaws or any of its product vulnerabilities being actively taken advantage of at the moment.
Most of the vulnerabilities are found in Adobe Acrobat and Reader, namely 36 main information exposure flaws and 48 critical-severity random code execution flaws.
These crucial vulnerabilities also comprise:
– 6 off-limits write flaws – CVE-2019-7829, CVE-2019-7825, CVE-2019-7822, CVE-2019-7818, CVE-2019-7804, CVE-2019-7800
– a confusion bug – CVE-2019-7820
– a buffer error glitch – CVE-2019-7824
– a double free flaw – CVE-2019-7784
– a security diversion – CVE-2019-7779
Users are asked to immediately update to the most recent versions of the used products, with the rank update ‘2’, which means that the update fixes the flaws within a product that has always been at high risk.
These are the affected Acrobat and Reader variants:
– Acrobat DC (classic 2015) for Windows and macOS
Affected Versions: 2015.006.30495 and earlier versions
-Acrobat Reader DC (classic 2015) for Windows and macOS
Affected Versions: 2015.006.30493 and earlier versions
– Acrobat 2017 (classic 2017) for Windows, macOS
Affected Versions: 2017.011.30140 and earlier variants
– Acrobat Reader 2017 (classic 2017) for Windows and macOS
Affected Versions: 2017.011.30138 and earlier
– Acrobat DC (continuous) for Windows, macOS
Affected Versions: 2019.010.20100 and earlier versions
– Acrobat Reader DC (continuous) for Windows and macOS
Affected Versions: 2019.010.20099 and earlier
In the meantime, Adobe Flash Player has a serious use-after-free flaw that could permit an arbitrary code execution on affected systems. The vulnerability was reported through Trend Micro’s Zero Day Initiative. The glitch (CVE-2019-7837) is in the product for Desktop Runtime, Google Chrome, Internet Explorer 11 (variants 184.108.40.206) and Microsoft Edge. Those who use the Adobe Flash Player are asked to update to version 220.127.116.11.
Lastly, two vulnerabilities are in Adobe Media Encoder version 13.0.2. This item has a serious use-after-free bug, CVE-2019-7842, which could permit remote code-execution; also a crucial off-limits read data exposure vulnerability, CVE-2019-7844. Those who use this product are urged to update to version 13.1.
Acrobat Reader also fixed the majority of security vulnerabilities in April’s routine-scheduled patches, and Adobe solved 43 separate CVE numbers from eight different items. Acrobat Reader had an overall of 21 flaws, 11 of which were crucial arbitrary code execution vulnerabilities.
Katie Tachuck is a reporter for News Lair. After graduating from UCLA, Katie got an internship at a local radio station and worked as a investigative journalist and producer. Katie has also worked as a columnist for the The Santa Fe New Mexican. Katie covers economy and community events for News Lair.