Adobe released security updates for Acrobat, Acrobat Reader and Experience Manager, fixing 41 vulnerabilities.
The company cleared 39 flaws in its Acrobat and Reader products for Windows and Mac.
The holes, rated important and critical with a priority rating of 2, have been described as security mitigation bypass, heap overflow, use-after-free, out-of-bounds read, and out-of-bounds write weaknesses that can be exploited for privilege escalation or arbitrary code execution.
The flaws impact version 2018.009.20050 and earlier of Acrobat DC Continuous Track, version 2017.011.30070 and earlier of Acrobat 2017, and versions 2015.006.30394 and earlier of Acrobat DC Classic Track.
More than half of the vulnerabilities ended up reported to Adobe by employees of China-based Tencent.
Experience Manager, the latest version of the enterprise content management solution, patched two vulnerabilities, including a reflected cross-site scripting (XSS) issue rated moderate, and an important XSS in the Apache Sling XSS protection API.
According to Adobe, exploitation of these flaws could allow attackers to obtain sensitive information.