We are currently in a situation where we have thousands of Adobe Reader and Flash vulnerabilities across multiple assets. We have the full Adobe Acrobat application installed. I am wondering do we need to upgrade the full application or can we get away with updating just the effected apps (Reader and Flash)?
If Reader is installed, you should keep it up to date. It might be used instead of Acrobat, exposing to a vulnerability. You should set up a system for applying updates to Acrobat and Reader as soon as they are released and you have tested them. It is not worth the trouble for Flash, which has less than 4 months before it goes away forever. Perhaps the best thing you do now is uninstall it, to allow your users to discover what must be (at great speed) replaced.