14 DAY TRIAL // Adobe is currently preparing to deliver a new set of security fixes for its PDF rendering and manipulating software, Reader and Acrobat, respectively.
The company has not revealed the nature of the vulnerabilities, but it has announced that the updates will become available on Tuesday, May 12.
Glitches are critical, but exploits are not anticipated
News about the patches came on Thursday, when Adobe released a pre-notification security advisory on its bulletin board. The updates are for both Windows and OS X and refer to versions 10.1.13 and 11.0.10 of the software.
The developer advertises the vulnerabilities as having critical severity, which means that exploiting them would permit an attacker to run malicious code on the affected system, possibly without user’s knowledge.
Although the notification and the severity of the issues may sound alarming, the priority rating given by Adobe for performing the update is one notch lower than the highest.
According to Adobe’s system, problems marked with Priority 2 affect “a product that has historically been at elevated risk,” but there is no information about exploits and there is no indication that code leveraging them is likely to emerge.
Administrators are recommended to run the update within 30 days. In the case of first priority updates, it is advisable to apply the patch within 72 hours from release because there is a higher risk of exploitation in the wild.
Last time, Adobe addressed 20 vulnerabilities
The last security update for Adobe Reader and Acrobat was delivered in December 2014 and included fixes for 20 vulnerabilities. They were considered critical and received the highest priority rating.
Most of the fixes addressed memory corruption problems that could allow a threat actor to execute code on the target system.
Security experts from Google (either from Project Zero or the Security Team) discovered and reported half of the total glitches.
There is no indication that the update on Tuesday will also be correcting such a large number of issues in the products, though.