Adobe issued its February Patch Tuesday that fixes a Zero Day in Reader in addition to other holes in Acrobat, Flash, ColdFusion, and Creative Cloud.
The Zero Day, which ended up disclosed in January, could lead to the theft of hashed password values. A micropatch ended up published by 0patch earlier this week.
Overall, Adobe said 43 of the vulnerabilities in Acrobat and Reader are critical. In addition, there are 28 vulnerabilities labeled important.
The main release focuses on Acrobat DC and Reader DC versions 2019.010.20069 and earlier, Acrobat Classic 2017 and Acrobat Reader 2017 versions 2017.011.30113 and earlier.
Acrobat DC and Acrobat Reader DC Classic 2015 are all affected on Windows and macOS machines.
Vulnerabilities fixed include buffer errors, sensitive data leakage, an integer overflow vulnerability which could lead to information disclosure, a double-free bug, security bypass problems, and use-after-free issues leading to arbitrary code execution.