Another month, another monster series of patches from Adobe
Patch-mad Adobe releases fixes for 69 critical vulnerabilities
Adobe has released yet another jumbo series of patches intended to address 69 critical vulnerabilities in its Acrobat, Acrobat Reader and Flash applications - with the bulk of the security flaws, 56 in total, in the almost ubiquitous Acrobat and Reader software.
The latest patches follow a year in which Adobe has come under fierce criticism for the number and severity of flaws in its software, which can be partly attributed to the introduction, several years ago, of JavaScript capabilities in Acrobat. This was intended to bring interactivity into the document software, enabling, for example, forms to be created that could be filled out and submitted electronically.
However, that also increased the scope for the software to be used to interact with the system outside the sandbox in which it is intended solely to work.
The new series of patches, identified as APSB15-24 and APSB15-25, affects Adobe software running on Windows, Mac, Linux, Android, iOS and even ChromeOS.
The vulnerabilities include remote-code execution flaws, buffer overflow vulnerabilities and memory corruption vulnerabilities, as well as "various methods that could have been used to bypass restrictions on Javascript API execution, and resolve an issue that could have led to information disclosure via a bypass", according to Kaspersky's Threatpost website.
Users, advises Kaspersky, ought to upgrade their Flash software to version 19.0.0.207. Malware makers will almost certainly already be crafting exploits against many of the known vulnerabilities in current versions of Adobe's client applications.