Hello All,
Adobe has released security updates for Adobe Acrobat and Adobe Reader for Windows and macOS. These updates address critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Vulnerability Details
Vulnerability Category | Vulnerability Impact | Severity | CVE IDs |
Heap-based buffer overflow | Arbitrary Code Execution | Critical | CVE-2020-24435 |
Improper access control | Local privilege escalation | Important | CVE-2020-24433 |
Improper input validation | Arbitrary JavaScript Execution | Important | CVE-2020-24432 |
Signature validation bypass | Minimal (defense-in-depth fix) | Moderate | CVE-2020-24439 |
Signature verification bypass | Local privilege escalation | Important | CVE-2020-24429 |
Improper input validation | Information Disclosure | Important | CVE-2020-24427 |
Security feature bypass | Dynamic library injection | Important | CVE-2020-24431 |
Out-of-bounds write | Arbitrary Code Execution | Critical | CVE-2020-24436 |
Out-of-bounds read | Information Disclosure | Moderate | CVE-2020-24426, CVE-2020-24434 |
Race Condition | Local privilege escalation | Important | CVE-2020-24428 |
Use-after-free | Arbitrary Code Execution | Critical | CVE-2020-24430, CVE-2020-24437 |
Use-after-free | Information Disclosure | Moderate | CVE-2020-24438 |

Product | Track | Affected Versions | Updated Version | Platform |
Acrobat DC | Continuous | 2020.012.20048 and earlier versions | 2020.013.20064 | Windows & macOS |
Acrobat Reader DC | Continuous | 2020.012.20048 and earlier versions | 2020.013.20064 | Windows & macOS |
Acrobat 2020 | Classic 2020 | 2020.001.30005 and earlier versions | 2020.001.30010 | Windows & macOS |
Acrobat Reader 2020 | Classic 2020 | 2020.001.30005 and earlier versions | 2020.001.30010 | Windows & macOS |
Acrobat 2017 | Classic 2017 | 2017.011.30175 and earlier versions | 2017.011.30180 | Windows & macOS |
Acrobat Reader 2017 | Classic 2017 | 2017.011.30175 and earlier versions | 2017.011.30180 | Windows & macOS |
Adobe recommends that users update their installations to the updated versions listed above. To deploy these updates using Patch Manager Plus, initiate a synchronization between the Central Patch Repository and the Patch Manager Plus server, then search for the following Patch IDs or Bulletin IDs and deploy them.
Patch Details:
Patch ID | Bulletin ID | Patch Description |
316824 | TU-072 | Adobe Acrobat Reader DC (Continuous Track) update - All languages (20.013.20064) (APSB20-67) |
316825 | TU-073 | Adobe Acrobat Reader MUI DC (Continuous Track) update - All languages (20.013.20064) (APSB20-67) |
316822 | TU-137 | Adobe Acrobat DC Pro and Standard (Continuous Track) update - All languages (20.013.20064) (APSB20-67) |
316821 | TU-753 | Adobe Acrobat 2017 Pro and Standard (Acrobat 2017 Track) update - All languages (17.011.30180) (APSB20-67) |
316823 | TU-754 | Adobe Acrobat Reader 2017 MUI (Classic Track) (17.011.30180) (APSB20-67) |
316830 | TU-1178 | Adobe Acrobat Reader 2020 MUI (Classic Track) (20.001.30010) (APSB20-67) |
Cheers,
Team ManageEngine
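
After deployment, installed versions can be compared against the "Updated Version" column of the product table above to confirm no endpoint was missed. The following Python check is an added example, not ManageEngine or Adobe code; the inventory rows, host names and function names are constructed for illustration, and it accepts both version spellings used on this page (2020.013.20064 in the table, 20.013.20064 in the patch descriptions).

```python
# Added example (not vendor code): fixed versions copied from the advisory's product table.
FIXED = {
    "Continuous": "2020.013.20064",
    "Classic 2020": "2020.001.30010",
    "Classic 2017": "2017.011.30180",
}

# Constructed sample inventory: (host, product, track, installed version).
SAMPLE = [
    ("ws-01", "Acrobat Reader DC", "Continuous", "20.012.20048"),
    ("ws-02", "Acrobat Reader DC", "Continuous", "20.013.20064"),
    ("ws-03", "Acrobat 2017", "Classic 2017", "2017.011.30175"),
    ("mac-04", "Acrobat 2020", "Classic 2020", "20.001.30010"),
    ("ws-05", "Acrobat Reader DC", "Continuous", "unknown"),
]

def parse_version(text):
    """Return (year, minor, build) as ints; accepts 20.x.y and 2020.x.y forms."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Acrobat version: {text!r}")
    year, minor, build = (int(p) for p in parts)
    return (year + 2000 if year < 100 else year), minor, build

def needs_update(track, installed):
    """True when the installed version is older than the fixed version for its track."""
    if track not in FIXED:
        raise ValueError(f"track not covered by this advisory: {track!r}")
    return parse_version(installed) < parse_version(FIXED[track])

def audit(inventory):
    """Return rows that still need the update, plus rows that could not be evaluated."""
    findings = []
    for host, product, track, version in inventory:
        try:
            if needs_update(track, version):
                findings.append((host, product, version, FIXED[track]))
        except ValueError as exc:
            findings.append((host, product, version, f"review manually: {exc}"))
    return findings

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep=" | ")
```

Rows with an unparseable version or an unlisted track are reported for manual review rather than silently treated as patched.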