Good morning readers, it’s patch Tuesday again—the day of the month when Adobe and Microsoft release security patches for their software.
Adobe just released its monthly security updates to address a total of 40 security vulnerabilities in several of its products, including Flash Player, Adobe Acrobat and Reader, and Shockwave Player.
According to an advisory, Adobe Acrobat and Reader applications for Microsoft Windows and Apple macOS operating systems are vulnerable to a total 21 vulnerabilities, 11 of which have been rated as critical in severity.
Upon successful exploitation, all critical vulnerabilities in Adobe Acrobat and Reader software lead to arbitrary code execution, allowing attackers to take complete control over targeted systems.
Remaining ten vulnerabilities in the most widely used PDF reader are all rated as important and could lead to information disclosure.
If your system hasn’t yet detected the availability of the new update automatically, you should manually install the update by choosing “Help → Check for Updates” in your Adobe Acrobat and Reader software.
Here we have compiled a brief list of all vulnerabilities Adobe patched this month in its various products:
Adobe has released updated versions of Flash Player for Windows, macOS, Linux, and Chrome OS to address two security vulnerabilities, one of which is critical and the other is important in severity.
Flash Player, which will receive security patch updates until the end of 2020, addresses a critical use-after-free vulnerability (CVE-2019-7096) that could potentially allow an attacker to run arbitrary code on the affected systems.
The company has also patched 7 critical vulnerabilities in Adobe Shockwave Player—most likely the last update for the software. That’s because, effective from today (April 9, 2019), Adobe has discontinued support for Shockwave for Windows.
Users of affected Adobe software for Windows, macOS, Linux, and Chrome OS are urged to update their software packages to the latest versions as soon as possible.
According to the company, none of the listed vulnerabilities has been found exploited in the wild.
Microsoft is also about to release its monthly security updates. We will publish a separate article in the next few minutes. Stay Tuned!