Adobe releases 8 critical patches: Top priority

Software company Adobe missed its deadline for releasing security patches last Tuesday, and with good reason – they had several security issues to fix. IT pros, take note. 

The September 10 patch day saw Adobe release a critical update for Flash, Flash browser plug-ins and Adobe AIR desktop. Seven days later, it’s announced eight critical patches for Adobe Reader and Acrobat.

The patches include fixes for:

  • a use-after-free vulnerability that could lead to code execution
  • a universal cross-site scripting (UXSS) vulnerability in Reader and Acrobat on Macs
  • a potential denial-of-service (DoS) vulnerability related to memory corruption
  • a heap overflow vulnerability that could lead to code execution
  • memory corruption vulnerabilities that could lead to code execution, and
  • a sandbox bypass vulnerability that could be exploited to run native code with escalated privileges on Windows.

While the vulnerabilities aren’t currently being exploited, they’re rated as a top priority (and will require a system restart). And with this announcement, the clock’s starting for attackers to attempt to take advantage of the flaws.

Adobe isn’t alone

Last Tuesday was a fairly busy one for updates. Microsoft also announced critical fixes for Internet Explorer versions 6-11. It addressed 36 previously unknown vulnerabilities.

While most companies fret over zero-day attacks – ones that are unknown to the software companies – staying on top of releases and updates is just as critical.

Otherwise attackers can use these updates as a guide for targeting unpatched systems before IT gets around to applying the fixes. It just stresses the importance of staying on top of security updates and vendor notices, or having a service that’ll do so for you.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy