Adobe Releases Out-of-Band Security Patches for 82 Flaws in Various Products

No, it’s not a patch Tuesday.

It’s the third Tuesday of the month, and as The Hacker News shared an early heads-up late last week on Twitter, Adobe today finally released pre-announced out-of-band security updates to patch a total of 82 security vulnerabilities across its various products.

The affected products that received security patches today include:

Out of 82 security vulnerabilities, 45 are rated critical, and all of them affect Adobe Acrobat and Reader and which, if exploited successfully, could lead to arbitrary code execution in the context of the current user.

A majority of critical-rated vulnerabilities (i.e., 26) in Adobe Acrobat and Reader reside due to use-after-free, 6 due to out-of-bounds write, 4 are type confusion bugs, 4 due to untrusted pointer dereference, 3 are heap overflow bugs, one buffer overrun and one race condition issue.

Adobe Acrobat and Reader for Microsoft Windows and Apple macOS operating systems has also received patches for 23 important-rated vulnerabilities that could lead to information disclosure attacks due to out-of-bounds read and cross-site scripting issues.

Adobe Experience Manager, a comprehensive content management solution for building websites, mobile apps, and forms, has been patched to address a total of 12 vulnerabilities, 8 are rated as important, and rests are moderate in severity.

The remaining two vulnerabilities patched today include: one moderate information disclosure issue resides in Adobe Experience Manager Forms for all platforms, and one important privilege escalation flaw affects Adobe Download Manager for Microsoft Windows.

Speaking of out-of-band security updates, surprisingly Adobe Flash Player received no security patch this time. It should be noted that Adobe would stop providing updates for Flash Player at the end of 2020.

Both Acrobat and Reader and Experience Manager updates received a priority rating of 2, which means similar flaws have previously been seen exploited in the wild, but for now, the company has found no evidence of any exploitation of these vulnerabilities in the wild.

On the other hand, Adobe Experience Manager Forms and Adobe Download Manager updates received a priority rating of 3, which means the vulnerabilities addressed in the updates are unlikely to be exploited in attacks, according to Adobe’s update notes.

Though none of the security vulnerabilities fixed in this batch of Adobe updates were publicly disclosed or found being exploited in the wild, we highly recommend you to download the latest versions of the affected software and apply patches at your earliest convenience.

If your system has not yet detected the availability of the new update automatically, you should manually install the update by choosing “Help → Check for Updates” in your Adobe software for Windows, macOS, Linux, and Chrome OS.