Adobe’s May patch release fixed multiple vulnerabilities in Flash, Acrobat, and Reader which could lead to information disclosure or arbitrary code execution among other issues.
Overall, Adobe handled over 80 vulnerabilities which either ended up labeled critical or important.
In the case of Flash Player, the latest version for Windows, macOS, Linux and Chrome OS fixes a critical use-after-free vulnerability (CVE-2019-7837) that can end up exploited to execute arbitrary code in the context of the targeted user.
In addition, Adobe patched a critical file parsing vulnerability that can lead to remote code execution and an important information disclosure issue in Adobe Media Encoder version 13.0.2. The new version is 13.1.
The vulnerabilities are a critical use after free issue (CVE-2019-7842) and an issue labeled important that is an out of bounds read hole (CVE-2019-7844) that could lead to an information disclosure.
Adobe said as of now, there are no exploits leveraging the vulnerabilities.