SecPod

Learn Search

Search across all Learn content

← Back to Security Research
Adobe releases Out-of-band Security Updates

Adobe releases Out-of-band Security Updates

Oct 15, 2019By Vidita V Koushik3 min read

Adobe released out of band patch security updates for four products. These updates addressed a total of 82 vulnerabilities. 46 vulnerabilities are rated critical and 31 vulnerabilities are rated important in severity. All the critical vulnerabilities lead to Arbitrary Code Execution and 34 vulnerabilities lead to disclosure of sensitive information.

Adobe Acrobat and Reader

68 vulnerabilities were addressed in Adobe Acrobat and Reader alone, out of which 45 vulnerabilities lead to Arbitrary Code Execution and the remaining 23 lead to Information Disclosure. The code execution flaws are rated critical and exist due to Out-of-band patch updates Bound Write, Use After Free, Heap Overflow, Buffer Overrun, Race Condition, Type Confusion, and Untrusted Pointer Dereference issues in the software.

Adobe Experience Manager and Adobe Experience Manager Forms

Adobe Experience Manager received updates which fixed 10 vulnerabilities leading to disclosure of sensitive information and 2 vulnerabilities leading to escalation of privilege and execution of arbitrary code. The Arbitrary Code Execution bug which existed due to a command injection issue was rated critical.

One vulnerability rated moderate in severity was fixed in Adobe Experience Manager Forms. This is a Reflected Cross-site Scripting vulnerability that leads to disclosure of sensitive information.

Adobe Download Manager

A privilege escalation vulnerability existed in Adobe Download Manager due to Insecure file permissions. This was fixed with an important update issued for Windows.

Affected products:

  • Adobe Acrobat and Reader
  • Adobe Experience Manager Forms
  • Adobe Experience Manager
  • Adobe Download Manager

Adobe Security Bulletin summary of out of band patch for October 2019:

Product : Adobe Acrobat and ReaderCVE’s/Advisory : APSB19-49, CVE-2019-8064, CVE-2019-8160, CVE-2019-8161, CVE-2019-8162, CVE-2019-8163, CVE-2019-8164, CVE-2019-8165, CVE-2019-8166, CVE-2019-8167, CVE-2019-8168, CVE-2019-8169, CVE-2019-8170, CVE-2019-8171, CVE-2019-8172, CVE-2019-8173, CVE-2019-8174, CVE-2019-8175, CVE-2019-8176, CVE-2019-8177, CVE-2019-8178, CVE-2019-8179, CVE-2019-8180, CVE-2019-8181, CVE-2019-8182, CVE-2019-8183, CVE-2019-8184, CVE-2019-8185, CVE-2019-8186, CVE-2019-8187, CVE-2019-8188, CVE-2019-8189, CVE-2019-8190, CVE-2019-8191, CVE-2019-8192, CVE-2019-8193, CVE-2019-8194, CVE-2019-8195, CVE-2019-8196, CVE-2019-8197, CVE-2019-8198, CVE-2019-8199, CVE-2019-8200, CVE-2019-8201, CVE-2019-8202, CVE-2019-8203, CVE-2019-8204, CVE-2019-8205, CVE-2019-8206, CVE-2019-8207, CVE-2019-8208, CVE-2019-8209, CVE-2019-8210, CVE-2019-8211, CVE-2019-8212, CVE-2019-8213, CVE-2019-8214, CVE-2019-8215, CVE-2019-8216, CVE-2019-8217, CVE-2019-8218, CVE-2019-8219, CVE-2019-8220, CVE-2019-8221, CVE-2019-8222, CVE-2019-8223, CVE-2019-8224, CVE-2019-8225, CVE-2019-8226Severity : CriticalImpact : Arbitrary Code Execution, Information Disclosure

Product : Adobe Experience Manager FormsCVE’s/Advisory : APSB19-50, CVE-2019-8089Severity : ModerateImpact : Information Disclosure

Product : Adobe Experience ManagerCVE’s/Advisory : APSB19-48, CVE-2019-8078, CVE-2019-8079, CVE-2019-8080, CVE-2019-8081, CVE-2019-8082, CVE-2019-8083, CVE-2019-8084, CVE-2019-8085, CVE-2019-8086, CVE-2019-8087, CVE-2019-8088, CVE-2019-8234Severity : CriticalImpact : Arbitrary Code Execution, Information Disclosure, Privilege Escalation

Product : Adobe Download ManagerCVE’s/Advisory : APSB19-51, CVE-2019-8071Severity : ImportantImpact : Privilege Escalation

Featured Posts

Open CVE-2026-31431: From 732 Bytes to Root - Anatomy of a Modern Linux Privilege Escalation

CVE-2026-31431: From 732 Bytes to Root - Anatomy of a Modern Linux Privilege Escalation

CVE Research

CVE-2026-31431: From 732 Bytes to Root - Anatomy of a Modern Linux Privilege Escalation

Jun 24, 2026

Open CVE-2026-31431: The Nine-Year Kernel Bug Hiding in Plain Sight

CVE-2026-31431: The Nine-Year Kernel Bug Hiding in Plain Sight

CVE Research

CVE-2026-31431: The Nine-Year Kernel Bug Hiding in Plain Sight

Jun 23, 2026

Open Squidbleed: A 29-Year-Old Squid Proxy Flaw That Leaks Cleartext HTTP Requests
Squidbleed: A 29-Year-Old Squid Proxy Flaw That Leaks Cleartext HTTP Requests

CVE Research

Squidbleed: A 29-Year-Old Squid Proxy Flaw That Leaks Cleartext HTTP Requests

Jun 23, 2026

Open AryStinger Malware Leverages 4,300+ Legacy Routers to Establish Persistent Spy Infrastructure
AryStinger Malware Leverages 4,300+ Legacy Routers to Establish Persistent Spy Infrastructure

CVE Research

AryStinger Malware Leverages 4,300+ Legacy Routers to Establish Persistent Spy Infrastructure

AryStinger represents a calculated shift in IoT threat methodology, abandoning noisy, destructive payloads in favor of silent, long-term reconnaissance infrastructure. By exploiting unpatched, end-of-life routers and NAS devices through decade-old vulnerabilities, the threat operator has assembled a distributed fleet of over 4,300 Executor nodes capable of conducting parallelized DNS enumeration, port scanning, and service fingerprinting at scale, all while masking origin behind residential IP addresses. With active development ongoing and a potential operational timeline stretching back to 2024, AryStinger underscores a growing and underappreciated risk: forgotten edge hardware is not merely a compliance gap but exploitable infrastructure.

Jun 23, 2026

Adobe releases Out-of-band Security Updates | SecPod