Adobe has released an important security update for its popular PDF products, Adobe Acrobat and Reader.
The update covers the PDF software on Windows and macOS machines, and addresses nine critical flaws and four vulnerabilities rated as important.
The critical flaws include an out-of-bounds write, a stack-based overflow flaw, a use-after-free, a buffer overflow, and a memory corruption bug.
All the critical flaws allow for arbitrary code execution, meaning attackers could use them to rig a PDF to install malware on a computer running a vulnerable version of the software.
Adobe said it was not aware of any exploits in the wild for any of the issues addressed in these updates.
Adobe notably didn’t release security updates this month in line with Microsoft’s Patch Tuesday as it usually does. Its February update addressed 12 critical vulnerabilities affecting its Acrobat PDF products.
The March Patch Tuesday update from Microsoft was its largest ever, fixing 115 vulnerabilities including the wormable Windows 10 SMBv3 vulnerability, details of which it accidentally leaked. Microsoft last week released an out-of-band fix for the flaw, tracked as CVE-2020-0796.
Adobe’s updates are available for Acrobat DC, Acrobat Reader DC, Acrobat 2017, Acrobat Reader 2017, Acrobat 2015 and Acrobat Reader 2015.
The new round of security updates follows an out-of-band patch on February 20 to address a flaw affecting the Adobe Media Encoder on Windows and another affecting Adobe After Effects on Windows.
The 13 newly disclosed Acrobat flaws are tracked as CVE-2020-3795, CVE-2020-3799, CVE-2020-3800, CVE-2020-3804, CVE-2020-3806, CVE-2020-3807, CVE-2020-3803, CVE-2020-3792, CVE-2020-3793, CVE-2020-3801, CVE-2020-3802, CVE-2020-3805, CVE-2020-3797.