Delayed Adobe patches fix long list of critical flaws
Notice anything missing from last week’s Microsoft Patch Tuesday?
Obscured by a long list of Microsoft patches and some fuss about a missing SMB fix, the answer is Adobe, which normally times its update cycle to coincide with the OS giant’s monthly schedule.
It’s mostly a practical convenience – admins and end-users get all the important client patches at once, which includes Adobe’s ubiquitous Acrobat and Reader software.
And yet March’s roster was Adobe-less. This week the company made amends, issuing fixes for an unusually high CVE-level 41 vulnerabilities, 21 of which are rated critical.
It’s not clear what caused the delay although it might simply be their number and the need to finalise patches before making them public.
The two patching hotspots are the 22 CVEs in Photoshop and 13 in Acrobat and Reader.
Of these, 16 uncovered in Photoshop/CC for Windows and macOS are rated critical compared to a more modest 9 in Acrobat and Reader.
That said, Reader is widely used on Windows and Macs, which is why admins will probably zero in on those as the top priority.