Adobe today released important security updates for Acrobat and Acrobat Reader. The updates patch 47 vulnerabilities of which 24 are classified as critical. In the worst case, these vulnerabilities allow an attacker to take control over the system.
Only opening a malicious PDF file is sufficient to become a victim of such an attack. The other vulnerabilities made it possible for attackers to bypass security measures and to retrieve sensitive data about the system, including password hashes. Users are advised to update to Acrobat DC or Acrobat Reader version 2018.011.20040, Acrobat 2017 or Acrobat Reader 2017 version 2017.011.30080, Acrobat DC Classic or Acrobat Reader Classic version 2015.006.30418.
Updates can be downloaded from the Adobe website or through the automatic feature of the PDF reader.
Adobe advises to install the updates within the next 72 hours. Usually Adobe advises such small-time frames when a vulnerability is actively exploited or when there is a large risk on attacks. The company hasn’t disclosed whether today’s patched vulnerabilities are actively exploited in ‘the wild’.