Critical Code Execution Flaws With Adobe Acrobat and Reader – Update Now!!
Adobe has released updates that fix twenty-six vulnerabilities in the Adobe Acrobat, Reader, and Lightroom products.
Out of 26 flaws, 11 are rated as critical, they could be exploited by hackers to run the arbitrary code remotely or to bypass security features on the vulnerable installations.
Adobe Acrobat and Reader | APSB20-48
Adobe released security updates for Adobe Acrobat and Reader for Windows and macOS, the updates cover critical and important vulnerabilities. Successful exploitation allows attackers to execute remote code in the context of the current user.
List of Vulnerabilities
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Disclosure of Sensitive Data | Memory Leak | Important | CVE-2020-9697 |
| Security bypass | Privilege Escalation | Important | CVE-2020-9714 |
| Out-of-bounds write | Arbitrary Code Execution | Critical | CVE-2020-9693CVE-2020-9694 |
| Security bypass | Security feature bypass | Critical | CVE-2020-9696CVE-2020-9712 |
| Stack exhaustion | Application denial-of-service | Important | CVE-2020-9702CVE-2020-9703 |
| Out-of-bounds read | Information disclosure | Important | CVE-2020-9723CVE-2020-9705CVE-2020-9706CVE-2020-9707CVE-2020-9710CVE-2020-9716CVE-2020-9717CVE-2020-9718CVE-2020-9719CVE-2020-9720CVE-2020-9721 |
| Buffer error | Arbitrary Code Execution | Critical | CVE-2020-9698CVE-2020-9699CVE-2020-9700CVE-2020-9701CVE-2020-9704 |
| Use-after-free | Arbitrary Code Execution | Critical | CVE-2020-9715CVE-2020-9722 |
Fixed versions
| Product | Track | Updated Versions | Platform | Priority Rating | Availability |
|---|---|---|---|---|---|
| Acrobat DC | Continuous | 2020.012.20041 | Windows and macOS | 2 | Windows macOS |
| Acrobat Reader DC | Continuous | 2020.012.20041 | Windows and macOS | 2 | Windows macOS |
| Acrobat 2020 | Classic 2020 | 2020.001.30005 | Windows and macOS | 2 | Windows macOS |
| Acrobat Reader 2020 | Classic 2020 | 2020.001.30005 | Windows and macOS | 2 | Windows macOS |
| Acrobat 2017 | Classic 2017 | 2017.011.30175 | Windows and macOS | 2 | WindowsmacOS |
| Acrobat Reader 2017 | Classic 2017 | 2017.011.30175 | Windows and macOS | 2 | WindowsmacOS |
| Acrobat 2015 | Classic 2015 | 2015.006.30527 | Windows and macOS | 2 | WindowsmacOS |
| Acrobat Reader 2015 | Classic 2015 | 2015.006.30527 | Windows and macOS | 2 | WindowsmacOS |
Adobe Lightroom | APSB20-51
Adobe Lightroom Classic for Windows and macOS covers important security updates, successful exploitation of the vulnerability allows attackers to escalate privilege.
List of Vulnerabilities
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| Insecure Library Loading | Privilege escalation | Important | CVE-2020-9724 |
Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.
This post Critical Code Execution Flaws With Adobe Acrobat and Reader – Update Now!! originally appeared on GB Hackers.
