On Tuesday, May 12, Adobe will release security updates to address critical vulnerabilities discovered in Adobe Reader and Adobe Acrobat for Windows and Mac.
Adobe has not provided too much information in the prenotification security advisory published on Thursday, but the company has revealed that the issues affect Acrobat and Reader XI (11.0.10) and earlier versions, and Acrobat and Reader X (10.1.13) and earlier versions.
While the vulnerabilities that will be patched next week are considered critical, Adobe has assigned them a priority rating of 2. Updates with this priority rating address security bugs in a product that has historically been at elevated risk. Such flaws are not currently exploited in the wild and the company doesn’t expect them to be exploited too quickly.
Administrators are advised by the company to apply such updates within 30 days.
Vulnerabilities are often identified in Adobe products, especially Flash Player. Up until this point in 2015, Adobe released six security bulletins for Flash Player. The updates address tens of flaws, including zero-days that had been exploited in the wild before a patch was available.
Last month’s Flash Player updates fixed a total of 22 vulnerabilities, including one that has been exploited in the wild.
Adobe announced in March the launch of a bug bounty program for the company’s web applications. The program, hosted on the HackerOne platform, has already helped the company close more than 50 vulnerabilities, despite the fact that it’s not offering any monetary rewards to researchers who report bugs.
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
- GoAnywhere MFT Users Warned of Zero-Day Exploit
- UK Car Retailer Arnold Clark Hit by Ransomware
- EV Charging Management System Vulnerabilities Allow Disruption, Energy Theft
- Unpatched Econolite Traffic Controller Vulnerabilities Allow Remote Hacking
- Google Fi Data Breach Reportedly Led to SIM Swapping
- Microsoft’s Verified Publisher Status Abused in Email Theft Campaign
- British Retailer JD Sports Discloses Data Breach Affecting 10 Million Customers
Latest News
- Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op
- Feds Say Cyberattack Caused Suicide Helpline’s Outage
- Big China Spy Balloon Moving East Over US, Pentagon Says
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Cyber Insights 2023: Venture Capital
- Atlassian Warns of Critical Jira Service Management Vulnerability
- High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
- Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication
