image
Adobe today released its monthly software updates to patch a total of 87 security vulnerabilities in its Adobe Acrobat and Reader, Flash Player and Media Encoder, most of which could lead to arbitrary code execution attacks or worse. None of the flaws patched this month in Adobe products has been found exploited in the wild. Out of 87 total flaws, a whopping number of vulnerabilities (i.e., 84 in total) affect Adobe Acrobat and Reader applications alone, where 42 of them are critical and rest 42 are important in severity. Upon successful exploitation, all critical vulnerabilities in Adobe Acrobat and Reader software lead to arbitrary code execution, allowing attackers to take complete control over targeted systems. Adobe has released updated versions of Acrobat and Reader software for Windows and macOS operating systems to address these security vulnerabilities. The update for Adobe Flash Player, which will receive security patch updates until the end of 2020, comes this month with a patch for just one security vulnerability( CVE-2019-7837), which is critical in severity and affects Windows, macOS, Linux, and Chrome OS versions of the software. The third Adobe product that received patches this month is Media Encoder, a powerful tool that allows users to compress audio and/or video files to be played back across browsers and devices. Adobe has released Media Encoder version 13.1 that addresses two security vulnerabilities, one of which is critical (CVE-2019-7842) and leads to remote code execution while the second is an information disclosure flaw. Users of affected Adobe software for Windows, macOS, Linux, and Chrome OS are urged to update their software packages to the latest versions as soon as possible. If your system hasn’t yet detected the availability of the new update automatically, you should manually install the update by choosing “Help → Check for Updates” in your Adobe Acrobat and Reader software.

Source