Adobe October Security Advisories

Adobe released three security advisories today fixing 84 security issues in total. This is a big number but the silver lining is that none of the patches released today were for 0-day vulnerabilities.  All vulnerabilities were privately reported to Adobe and so far none seem to be exploited before the release of their respective patch.

APSB16-32 patches 12 vulnerabilities in Flash player and gets a priority rating of 1. Flash has been targets by Exploit Kits like Rig, Neutrino and Angler and we agree that it should be patched as soon as possible. If left un-patched the vulnerability has a potential to allow attackers to take control of the affected system. It affects the Windows, Mac and Linux runtime as well as flash player for Internet Explorer, Edge and Chrome.

APSB16-33 patches 71 vulnerabilities in the Adobe Acrobat and Reader. It has a priority rating of 2, but we think that it should be considered with the same priority as the Flash bulletin. If left unpatched, attackers have a potential to take control of the affected system.

APSB16-34 patches 1 vulnerability in the Adobe Creative Cloud Desktop. Since it is local privilege elevation vulnerability an attacker needs valid credentials to launch an attack.

Overall a lot of vulnerabilities are fixed in Adobe core components and we will see how fast attackers are able to reverse these patches to learn about the vulnerabilities and start targeting un-patched systems. Therefore we recommend patching as soon as possible.