Adobe Patches Acrobat, Reader, Experience Manager

Wednesday, February 14, 2018 @ 03:02 PM gHale

Adobe released security updates for Acrobat, Acrobat Reader and Experience Manager, fixing 41 vulnerabilities.

The company cleared 39 flaws in its Acrobat and Reader products for Windows and Mac.

RELATED STORIES
Microsoft Fixes 50 Vulnerabilities
Microsoft Updates Windows to Fix Flash
Flash Zero Day Under Attack
Surveillance Malware Hits Utilities, Manufacturers

The holes, rated important and critical with a priority rating of 2, have been described as security mitigation bypass, heap overflow, use-after-free, out-of-bounds read, and out-of-bounds write weaknesses that can be exploited for privilege escalation or arbitrary code execution.

The flaws impact version 2018.009.20050 and earlier of Acrobat DC Continuous Track, version 2017.011.30070 and earlier of Acrobat 2017, and versions 2015.006.30394 and earlier of Acrobat DC Classic Track.

More than half of the vulnerabilities ended up reported to Adobe by employees of China-based Tencent.

Experience Manager, the latest version of the enterprise content management solution, patched two vulnerabilities, including a reflected cross-site scripting (XSS) issue rated moderate, and an important XSS in the Apache Sling XSS protection API.

According to Adobe, exploitation of these flaws could allow attackers to obtain sensitive information.



Leave a Reply

You must be logged in to post a comment.