Last week, on the second Tuesday of the month, when large technology companies traditionally presented updates for their products, Adobe remained on the sidelines and seemed to intend to skip the October "Tuesday of updates." But, as it turned out, Adobe developers were just late with the release of patches and now immediately fixed 82 vulnerabilities in Acrobat, Reader, Experience Manager and Download Manager.
Most of the fixes apply to Acrobat and Reader, where they were fixed right away. 68 problems. In total, out of 82 vulnerabilities, 45 were rated as critical, and all of them relate specifically to Acrobat and Reader. For example, successful exploitation of some of these vulnerabilities is possible if you trick the victim into opening a malicious document, which will lead to the execution of arbitrary code with the rights of the current user.
Also 12 fixes got vulnerabilities in Adobe Experience Manager. The most serious bugs allow you to bypass the security mechanisms of the login, for which cross-site request forgery (XSRF), cross-site scripting (XSS) and authentication process vulnerabilities are used.
In the above Adobe Download Manager for Windows, they discovered only one important error allowing elevation of privileges.
Adobe developers claim that they are not aware of any of these vulnerabilities being exploited by cybercriminals, but still recommend that users install updates as quickly as possible.