Adobe has released a large batch of new patches for Windows and Macintosh, 81 in total, for flaws affecting Acrobat, Reader, and Flash. According to the updated security bulletin, 71 of the 81 patches are for the Acrobat and Reader products. These particular vulnerabilities are all rated “critical,” mainly because Adobe identifies them as being able to "allow an attacker to take control of the affected system."
As Kaspersky Lab pointed out in its analysis of the Adobe security bulletin, Adobe has not patched this many vulnerabilities in Reader and Acrobat since last May's 93 vulnerabilities. The last patch release for these programs was in July, with a total of 38 patches. On the plus side, the number of patches needed for Flash has decreased, from last month's 29 to October's 12.
For IT pros, it is imperative to implement these Adobe patches as soon as possible, even though the list is extensive. The company has stated that there are no known incidents of these vulnerabilities being exploited, but it is only a matter of time until a hacker does so. This is especially true of Adobe products that have such a wide user base.
In many ways it is very concerning that Adobe is continuously patching so many critical vulnerabilities. I'll unpack that statement. While it is great that the security division at the company is able to discover and fix the flaws, why are so many critical vulnerabilities occurring in the first place? I fully accept that programming errors are always an occupational hazard, but considering the popularity of Adobe products, I really think the company should evaluate why critical flaws occur so frequently.