It seems that Adobe has addressed many security holes in its Flash Player, Acrobat Reader and Creative Cloud. The October patch that has just been released by Adobe is fixing more than 80 vulnerabilities that the company has found in the three mentioned products.
It seems that Adobe’s latest patch did not have any zero-day vulnerabilities, meaning that all 84 bugs were well known by the company. The company also mentioned that many organizations and individuals have reported the issues, which include researchers from Trend Micro, Palo Alto Networks and Tencent.
We remind you that, back in March 2016, there was found a zero-day memory corruption vulnerability that was used to distribute ransomware. Adobe has reacted fast (maybe not fast enough) and it has released a patch for its Flash Player the following month.
Adobe’s programs are known for having some big security issues and the company needs to do something about or it will lose a good amount of money soon.
Reasons Why You Should Update
First of all, you should know that Adobe’s Priority and Severity rating systems for Security Bulletins have categorized the update for Flash Player a “top priority” for users. The new patch has been released for Windows, Macintosh, ChromeOS and Linux and it prevents hackers from taking control of the affected system via remote code execution.
At the same time, Acrobat Reader application has a priority 2 ranking. For now, there is no known exploit, but the application had security issues in the past.
Adobe is suggesting administrators to install the update for Windows and Macintosh as soon as possible (no later than 30 days) in order to avoid ransomware attacks.
On the other hand, users should not make any big issues regarding the Creative Cloud Desktop application, as Adobe has assigned a priority 3 rating. The update is just fixing an “unknown” search path vulnerability, which should not cause too much trouble.