Adobe Fixes Critical Security Vulnerabilities In Acrobat, Reader

Adobe has released security updates to address critical severity vulnerabilities affecting Adobe Acrobat and Reader for Windows and macOS that could enable attackers to execute arbitrary code on vulnerable devices.

In all, the company today addressed 14 security flaws affecting the two products, 10 of them rated as either critical or important severity bugs.

These bugs may allow arbitrary code execution, local privilege escalation, information disclosure, arbitrary JavaScript execution, and dynamic library injection.

Adobe categorized the security updates as priority 2 updates, which means that they address vulnerabilities with no public exploits in products that have “historically been at elevated risk.”

The full list of vulnerabilities fixed today is available in the table embedded below, together with their severity ratings and assigned CVE numbers.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Heap-based buffer overflow | Arbitrary Code Execution | Critical | CVE-2020-24435 |
| Improper access control | Local privilege escalation | Important | CVE-2020-24433 |
| Improper input validation | Arbitrary JavaScript Execution | Important | CVE-2020-24432 |
| Signature validation bypass | Minimal (defense-in-depth fix) | Moderate | CVE-2020-24439 |
| Signature verification bypass | Local privilege escalation | Important | CVE-2020-24429 |
| Improper input validation | Information Disclosure | Important | CVE-2020-24427 |
| Security feature bypass | Dynamic library injection | Important | CVE-2020-24431 |
| Out-of-bounds write | Arbitrary Code Execution | Critical | CVE-2020-24436 |
| Out-of-bounds read | Information Disclosure | Moderate | CVE-2020-24426, CVE-2020-24434 |
| Race Condition | Local privilege escalation | Important | CVE-2020-24428 |
| Use-after-free | Arbitrary Code Execution | Critical | CVE-2020-24430, CVE-2020-24437 |
| Use-after-free | Information Disclosure | Moderate | CVE-2020-24438 |

Adobe recommends that customers update the vulnerable products to the latest versions as soon as possible to block attacks that could exploit unpatched installations.

Depending on their preferences, users can update their Adobe Acrobat and Reader products to the latest patched versions using one of the following approaches:

  • Users can update their product installations manually by choosing Help > Check for Updates.
  • The products will update automatically, without requiring user intervention, when updates are detected.
  • The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.

IT admins can also deploy the security updates in managed environments using the enterprise installers available through Adobe’s public FTP server or by using Windows/macOS remote management solutions.

Last month, Adobe patched 18 critical security bugs affecting ten of its Windows and macOS products that could be exploited to execute arbitrary code.

The software products patched by Adobe in October include Adobe Creative Cloud Desktop Application, Adobe InDesign, Adobe Media Encoder, Adobe Premiere Pro, Adobe Photoshop, Adobe After Effects, Adobe Animate, Adobe Dreamweaver, Adobe Illustrator, and Marketo.

In October, the company also addressed a critical Adobe Flash Player remote code execution vulnerability that could be exploited by simply visiting a maliciously crafted website.

Privacy Ninja
