Sharing is caring!

On October 6, Adobe released security updates for Adobe Acrobat and Reader on Windows and Mac platforms that addressed critical vulnerabilities that might allow attackers to take control of a system that has been affected. The release was updated on October 11.

These were the following products affected along with their versions:

  • Acrobat DC (Continuous) – version 15.017.20053 and earlier
  • Acrobat Reader DC (Continuous) – version 15.017.20053 and earlier
  • Acrobat DC (Classic) – version 15.006.30201 and earlier
  • Acrobat Reader DC (Classic) – version 15.006.30201 and earlier
  • Acrobat XI (Desktop) – version 11.0.17 and earlier
  • Reader XI (Desktop) – version 11.0.17 and earlier

These are the first patches released by Adobe for Acrobat and Reader since July which addressed 38 issues. While this current update corrects 71 issues, it’s not the largest number of issues fixed. That record belongs to the update released in May which addressed a whopping 93 vulnerabilities.

This October release address issues such as memory corruption, use-after-free and buffer overflow. All of these can result in code execution in the software. The release also resolves various methods to bypass restrictions on JavaScript API execution as well as a security bypass vulnerability. Lastly, the update also resolves an integer overflow vulnerability that may lead to code execution.

After the release, the versions for Acrobat DC and Reader DC should be 15.006.30243 while Acrobat XI and Reader XI should be 11.0.18. Acrobat DC (Continuous) should be version 15.020.20039 after the update and the same thing goes for Acrobat Reader DC (Continuous). So after installation of the update, always check to see if the latest versions have been reflected.

Update methods

Users can update their version of Acrobat and Reader through the following:

  • Going to Help -> Check for Updates
  • Auto update (if selected)
  • Going to the Acrobat Reader Download Center

As mentioned, it’s been a while since Acrobat and Reader last received updates. Given the nature of the vulnerabilities this latest security update addresses, it’s best not to wait any longer to update your own product installations. After all, the last thing anything wants is for their system to be controlled by attackers.

Every techie needs a pair of sick headphones. Neurogadget recommends these Audio Technica Professional Studio Monitor Headphones for both their quality and their cool-factor.