Adobe officially released the February product security update. This update includes 5 security bulletins for 42 security vulnerabilities in Framemaker, Experiment Manager, Adobe Digital Editions, Flash, Acrobat, and Reader. Details are as follows:
- The Framemaker update fixes 21 critical vulnerabilities, most of which could lead to out-of-bounds writing (OOB).
- Adobe Acrobat and Reader update fixed 17 vulnerabilities, seven of which are UAF vulnerabilities. The most serious of these vulnerabilities can cause remote code execution after a user opens a specially crafted file.
- The Flash update fixes a single type of obfuscation vulnerability that could allow a logged-in user to execute arbitrary code.
- The Adobe Digital Editions patch fixes two vulnerabilities, one of which could lead to a code injection vulnerability that could cause an attacker to execute arbitrary code remotely.
- The Experience Manager update fixes a denial of service vulnerability.
Adobe’s announcement states that none of these vulnerabilities have been disclosed and that they have not been exploited in the wild.
Users install the officially released patches in time to upgrade the application to the latest version to complete the vulnerability repair.