Security Experts:

Adobe to Patch Critical Vulnerabilities in Reader, Acrobat

On Tuesday, May 12, Adobe will release security updates to address critical vulnerabilities discovered in Adobe Reader and Adobe Acrobat for Windows and Mac.

Adobe has not provided too much information in the prenotification security advisory published on Thursday, but the company has revealed that the issues affect Acrobat and Reader XI (11.0.10) and earlier versions, and Acrobat and Reader X (10.1.13) and earlier versions.

While the vulnerabilities that will be patched next week are considered critical, Adobe has assigned them a priority rating of 2. Updates with this priority rating address security bugs in a product that has historically been at elevated risk. Such flaws are not currently exploited in the wild and the company doesn’t expect them to be exploited too quickly.

Administrators are advised by the company to apply such updates within 30 days.

Vulnerabilities are often identified in Adobe products, especially Flash Player. Up until this point in 2015, Adobe released six security bulletins for Flash Player. The updates address tens of flaws, including zero-days that had been exploited in the wild before a patch was available.

Last month’s Flash Player updates fixed a total of 22 vulnerabilities, including one that has been exploited in the wild.

Adobe announced in March the launch of a bug bounty program for the company’s web applications. The program, hosted on the HackerOne platform, has already helped the company close more than 50 vulnerabilities, despite the fact that it’s not offering any monetary rewards to researchers who report bugs.

view counter
Eduard Kovacs is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.