Adobe patches 'critical' vulnerabilities -- again

Adobe has released a numerous amount of new patches for Windows and Macintosh, 81 in total, for flaws affecting Acrobat, Reader, and Flash. According to the updated security bulletin , 71 of the 81 patches are for the Acrobat and Reader products. These particular vulnerabilities are all rated “critical,” mainly because Adobe identifies them as being able to "allow an attacker to take control of the affected system."

In the patch report, the vulnerabilities were grouped together based on commonality. The main groups were use-after-free vulnerabilities, heap buffer overflow vulnerabilities, memory corruption vulnerabilities, and vulnerabilities that allow bypass of Javascript API execution restrictions. All of these are truly dangerous and show why the patches are rated as critical.

As Kaspersky Lab pointed out in their analysis of the Adobe security bulletin, Adobe has not patched this many vulnerabilities in Reader and Acrobat since last May's 93 vulnerabilities. The last time there was a patch for these programs was in July, which resulted in a total of 38 patches. On the plus side, there has been a decrease in patches needed for Flash, which went from last month's number of 29 to October's 12.

For IT pros, it is imperative that even though the list is extensive, you implement these Adobe patches as soon as possible. The company has stated that there are no known incidents of these vulnerabilities being exploited, but it is only a matter of time until a hacker does so. This is especially true in the case of Adobe products that have such a wide user base.

In many ways it is very concerning that Adobe is continuously patching so many critical vulnerabilities. I'll unpack that statement. While it is great that the security division at the company is able to discover and fix the flaws, why are so many critical vulnerabilities occurring in the first place? I fully accept that programming errors are always an occupational hazard, but considering the popularity of Adobe products, I really think the company should evaluate why critical flaws occur so frequently.

Photo credit: Adobe

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Share
Published by
Derek Kortepeter
Tags adobepatch

Recent Posts

Hardware RAID vs. software RAID: Pros and cons for each

RAID is a technique to virtualize independent disks into arrays for improved performance. Should you…

3 days ago

After the plague: What IT will look like in a post-COVID-19 world

COVID-19 has changed everything, but once it disappears, we will not go back to how…

3 days ago

Solved: Outlook defaults to Microsoft 365 version with Exchange server

An Exchange server with a hybrid connection to Microsoft 365 is usually pretty seamless —…

4 days ago

How chatbots are changing the way teams communicate internally

Chatots are primarily thought of as consumer-facing solutions. They bring life to customer interactions by…

4 days ago

Hakbit ransomware campaign targeting specific European countries

The newly uncovered Hakbit ransomware campaign spread via spear-phishing emails may indicate a shift in…

4 days ago

Credential stuffing: Everything you need to know to avoid being a victim

Credential stuffing is yet another weapon being used by cybercriminals. Here’s what credential stuffing is…

5 days ago