Adobe Set to Patch Two Critical Flaws in Acrobat

Adobe has warned users that it plans to release two “critical” security updates for its Acrobat software on Tuesday.

The patches in question affect Adobe Acrobat versions XI (11.0.10 and earlier) and Acrobat X (10.1.13 and earlier).

Both have been given a rating of 2 by Adobe – that’s one down from the most critical according to the firm’s severity scale.

The flaws affect versions of the software on Macs and PCs, Adobe claimed in an advisory.

Adobe software has become a firm favorite with hackers over recent years thanks to its near ubiquity on the desktop.

Exacerbating the problem is the fact that many users fail to keep their software up to date, exposing themselves to unnecessary risk.

For example, Adobe Flash Player 16.x was named by Secunia as the most popular end-of-life program in the UK, with a market share of 81%, despite the fact that Adobe no longer releases patches for it.

To make matters worse, cyber-criminals are getting ever faster at weaponizing vulnerabilities they find in products.

In October last year, a vulnerability in Flash Player was incorporated into two major exploit kits just days after being patched by the firm.

Adobe will be hoping that the security fixes it releases tomorrow have no adverse effects on user machines.

Back in January, an emergency patch issued for Flash Player failed to work; the flaw was soon seen in a successful malvertising campaign, used by the Angler exploit kit in attacks designed to hijack PCs and download ransomware.

In a bid to improve its ability to spot flaws in its products, Adobe launched a web app vulnerability disclosure program in March.

However, unlike similar schemes run by Google, GitHub and others, Adobe claimed that it would not be awarding researchers a cash prize for discovering flaws.
