Adobe issued its February Patch Tuesday that fixes a Zero Day in Reader in addition to other holes in Acrobat, Flash, ColdFusion, and Creative Cloud.

The Zero Day, which ended up disclosed in January, could lead to the theft of hashed password values. A micropatch ended up published by 0patch earlier this week.

Microsoft Patch Tuesday Fixes Zero Day
Adobe Reader Zero Day Micropatch Released
Adobe Clears Experience Manager Holes
Flash by Default Ending in Firefox

Overall, Adobe said 43 of the vulnerabilities in Acrobat and Reader are critical. In addition, there are 28 vulnerabilities labeled important.

The main release focuses on Acrobat DC and Reader DC versions 2019.010.20069 and earlier, Acrobat Classic 2017 and Acrobat Reader 2017 versions 2017.011.30113 and earlier.

Schneider Bold

Acrobat DC and Acrobat Reader DC Classic 2015 are all affected on Windows and macOS machines.

Vulnerabilities fixed include buffer errors, sensitive data leakage, an integer overflow vulnerability which could lead to information disclosure, a double-free bug, security bypass problems, and use-after-free issues leading to arbitrary code execution.

Pin It on Pinterest

Share This