Adobe is readying its scheduled quarterly update that will address several bugs in its Reader and Acrobat software.
All of the vulnerabilities being patched are rated critical, said Adobe in its pre-notification Security Advisory on 9 June. Adobe is expected to roll out the quarterly security updates for Adobe Reader and Acrobat on 14 June, the same day as Microsoft’s large June Patch Tuesday release.
Adobe defines critical vulnerabilities as those which would allow attackers to execute malicious code.
The patches will fix bugs in Adobe Reader and Acrobat X as well as versions 9.4.3 and earlier for both Windows and Mac OS X, according to the pre-notification. Adobe Reader for Android does not seem to be included in the update.
Adobe has released a number of patches in the past few months closing zero-day vulnerabilities in Flash, Reader and Acrobat. The company released an emergency patch just four days ago to close a universal cross-site scripting vulnerability in Flash that was being actively exploited.
The company noted at the time that the cross-site scripting flaw also affected the authplay.dll component in Reader and Acrobat. This particular issue is supposed to be fixed for Reader and Acrobat X and earlier 10.x and 9.x versions for both Windows and Mac OS X in this update.
In March and April, Adobe issued out-of-band updates for all versions except Reader and Acrobat X to close security holes that allowed attackers to embed malicious Flash code into other documents. The company deferred updates to these two applications to the scheduled quarterly update because their sandbox architecture prevented the rogue Flash files from executing. Since the sandbox effectively shut down any exploits from compromising the system, the severity was lessened, according to Adobe.
“These vulnerabilities have been sitting idle,” Miller said.
Large updates from Adobe and Microsoft are coming out on the same day, and Oracle just released a fairly large update to fix remote control execution vulnerabilities in Java. System administrators will have to “parse through” a lot of information once all the updates are live, according to Miller.
Microsoft said in its June Patch Tuesday preview it will fix nine critical and seven important vulnerabilities. Ten of the vulnerabilities could result in remote code execution. While it is a “heavy” release, Miller had expected to see an even larger update for June.
“We welcome, accept and look forward to the challenge of supporting as many patches as possible,” Miller said.
Administrators will have to “closely plan” how they will test and deploy all these updates, according to Wolfgang Kandek, CTO for Qualys.
“This will be a long hot summer for IT professionals and there is just no room to slow down,” said Paul Henry, security and forensic analyst for Lumension.
Thoma Bravo agrees to acquire Darktrace for $5.32 billion in cash, delivering some welcome news…
Customer adoption of AI services embedded in cloud services continues to deliver results for Microsoft,…
TikTok's 'secret source' algorithm is so core to ByteDance, it would rather shut down US…
After relocating from California to Texas in 2020, Oracle's Larry Ellison now reveals plan to…
Share price hit after Meta admits heavy AI spending plans, after posting strong first quarter…
For third time Google delays phase-out of third-party Chrome cookies after pushback from industry and…