Adobe released pre-announced out-of-band security updates to patch 82 security vulnerabilities across several of its products. The products that received security patches are Adobe Acrobat and Reader, Adobe Experience Manager, Adobe Experience Manager Forms and Adobe Download Manager.
Of the 82 security vulnerabilities, 45 are rated critical. All of these critical flaws affect Adobe Acrobat and Reader and, when exploited successfully, might lead to arbitrary code execution in the context of the current user.
Of the critical-rated vulnerabilities in Adobe Acrobat and Reader, 26 are use-after-free bugs, 6 are out-of-bounds writes, 4 are type confusion bugs, 4 are untrusted pointer dereferences, 3 are heap overflow bugs, one is a buffer overrun and one is a race condition.
Adobe Acrobat and Reader for Microsoft Windows and Apple macOS also received patches for 23 important-rated vulnerabilities that could lead to information disclosure through out-of-bounds read and cross-site scripting issues.
Adobe Experience Manager, a comprehensive content management solution for developing websites, mobile apps and forms, was patched to address a total of 12 vulnerabilities, of which 8 are rated important and the remaining are moderate in severity.
A moderate information disclosure issue found in Adobe Experience Manager Forms for all platforms and a privilege escalation flaw affecting Adobe Download Manager for Microsoft Windows are the remaining two flaws that were patched.
However, it is surprising to note that Adobe Flash Player did not receive any security patches this time. Adobe will stop providing updates for Flash Player by the end of 2020.
The company did not find any evidence of the vulnerabilities in Adobe Acrobat and Reader and Experience Manager being exploited in the wild, even though similar flaws have previously been seen exploited.
It is also unlikely that the vulnerabilities in Adobe Experience Manager Forms and Adobe Download Manager will be exploited in attacks.
The security vulnerabilities patched in these Adobe updates have not been publicly disclosed or found being exploited in the wild. It is nevertheless highly recommended that users download the latest versions of the affected software and apply the patches at the earliest opportunity.
It is also possible to update manually by choosing “Help → Check for Updates” in your Adobe software for Windows, macOS, Linux, and Chrome OS.