Adobe Systems today issued patched updates for Acrobat and Reader, Flash Player, Experience Manager, and the Cloud Desktop Application, collectively fixing 11 vulnerabilities, two of them critical.
The two most serious bugs, both of which can result in arbitrary code execution, were discovered in multiple versions of Acrobat and Reader for Windows and macOS. The first is an out-of-bounds write (CVE-2018-12808) discovered by Cybellum Technologies LTD, and the second is an untrusted pointer dereference (CVE-2018-12799), reported by Abdul Aziz Hariri via Trend Micro’s Zero-Day Initiative.