In its Patch Tuesday release, Adobe fixed 113 vulnerabilities in its various product lines.
Along those lines, Adobe cleared 105 holes in Acrobat and Reader, two in Flash Player, three in Experience Manager, and three in Connect.
The latest versions of Acrobat and Reader for Windows and macOS address critical memory corruption bugs that can allow remote code execution, including double-free, heap overflow, use-after-free, out-of-bounds write, type confusion, untrusted pointer dereference, and buffer error issues.
Fixed vulnerabilities include a critical privilege escalation and out-of-bounds read issues that lead to information disclosure.
Flash Player version 126.96.36.199 resolves a critical type confusion issue that can lead to code execution and a flaw rated important that can result in information disclosure.
Fixes released by Adobe for Experience Manager patch three server-side request forgery (SSRF) vulnerabilities that can lead to the exposure of sensitive information, but none of the flaws are critical.
Updates released for Adobe Connect take care of authentication bypass and insecure library loading flaws.
Adobe said there are no malicious exploitation attempts to date for the vulnerabilities.