Adobe has released Vulnerability-related.PatchVulnerability updates fixing Vulnerability-related.PatchVulnerability a long list of security vulnerabilities discovered Vulnerability-related.DiscoverVulnerability in the Mac and Windows versions of Acrobat and Reader . In total , the first October update brings 85 CVEs , including 47 rated as ‘ critical ’ with the remaining 39 classified as ‘ important ’ . It ’ s too early to get much detail on the flaws but those rated critical break down as 46 allowing code execution and one allowing privilege escalation . The majority of the flaws rated important involve out-of-bounds read issues leading to information disclosure . As far as Adobe is aware , none are being actively exploited . The update you should download depends on which version you have installed : For most Windows or Mac users it ’ ll be either Acrobat DC ( the paid version ) or Acrobat Reader DC ( free ) so look for update version 2019.008.20071 . For anyone on the classic Acrobat 2017 or Acrobat Reader DC 2017 , it ’ s version 2017.011.30105 . Those on the even more classic Acrobat DC ( 2015 ) or Acrobat Reader DC ( 2015 ) it ’ s version 2015.006.30456 . Anyone who still has the old Acrobat XI or Reader XI on their computer , the last version was 11.0.23 when support for this ended a year ago . A sign of success ? There was a time when having to patch Vulnerability-related.PatchVulnerability so many flaws in a small suite of products from one company would have been seen as a failure . Arguably , these days , it ’ s a sign of success – researchers are devoting the time to finding Vulnerability-related.DiscoverVulnerability vulnerabilities before the bad guys do and Adobe is turning around fixes . What ’ s surprising is that despite crediting every one of them ( and it ’ s quite a list ) , the company doesn ’ t seem to have a formal bug bounty reward program other than the separate web applications program run via third party company , HackerOne . If Adobe ’ s 85 vulnerabilities sounds excessive , have some sympathy for users of the rival Foxit PDF Reader and Foxit PhantomPDF programs . Foxit last week released what appears to be Vulnerability-related.DiscoverVulnerability 116 vulnerabilities of their own ( confusingly , many of which are not yet labelled with CVEs Vulnerability-related.DiscoverVulnerability ) . For some reason , the number of flaws being found Vulnerability-related.DiscoverVulnerability in Foxit ’ s programs has surged this year , reaching 183 before this September ’ s count , compared to 76 for the whole of 2017 . As for Adobe , these updates are unlikely to be the last we hear of the company this month – expect the usual flaws to be patched Vulnerability-related.PatchVulnerability in Adobe ’ s legacy Flash plug-in when Microsoft releases Vulnerability-related.PatchVulnerability its Windows Patch Tuesday on 9 October .