Adobe releases security updates for Adobe Acrobat & Adobe Reader

Hello All,

 

Adobe has released security updates for Adobe Acrobat and Adobe Reader for Windows and macOS. These updates address critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. 

 

Vulnerability Details


| Vulnerability Category | Vulnerability Impact | Severity | CVE IDs |
|---|---|---|---|
| Heap-based buffer overflow | Arbitrary Code Execution | Critical | CVE-2020-24435 |
| Improper access control | Local privilege escalation | Important | CVE-2020-24433 |
| Improper input validation | Arbitrary JavaScript Execution | Important | CVE-2020-24432 |
| Signature validation bypass | Minimal (defense-in-depth fix) | Moderate | CVE-2020-24439 |
| Signature verification bypass | Local privilege escalation | Important | CVE-2020-24429 |
| Improper input validation | Information Disclosure | Important | CVE-2020-24427 |
| Security feature bypass | Dynamic library injection | Important | CVE-2020-24431 |
| Out-of-bounds write | Arbitrary Code Execution | Critical | CVE-2020-24436 |
| Out-of-bounds read | Information Disclosure | Moderate | CVE-2020-24426, CVE-2020-24434 |
| Race Condition | Local privilege escalation | Important | CVE-2020-24428 |
| Use-after-free | Arbitrary Code Execution | Critical | CVE-2020-24430, CVE-2020-24437 |
| Use-after-free | Information Disclosure | Moderate | CVE-2020-24438 |


Affected Product Versions & Updated Versions

| Product | Track | Affected Versions | Updated Version | Platform |
|---|---|---|---|---|
| Acrobat DC | Continuous | 2020.012.20048 and earlier versions | 2020.013.20064 | Windows & macOS |
| Acrobat Reader DC | Continuous | 2020.012.20048 and earlier versions | 2020.013.20064 | Windows & macOS |
| Acrobat 2020 | Classic 2020 | 2020.001.30005 and earlier versions | 2020.001.30010 | Windows & macOS |
| Acrobat Reader 2020 | Classic 2020 | 2020.001.30005 and earlier versions | 2020.001.30010 | Windows & macOS |
| Acrobat 2017 | Classic 2017 | 2017.011.30175 and earlier versions | 2017.011.30180 | Windows & macOS |
| Acrobat Reader 2017 | Classic 2017 | 2017.011.30175 and earlier versions | 2017.011.30180 | Windows & macOS |
 

Adobe recommends users update their installations to the updated versions. To update these using Vulnerability Manager Plus, initiate a synchronization between the Central Patch Repository and Vulnerability Manager Plus server. Search for the following Patch IDs or Bulletin IDs and deploy them. 

 

Patch Details:


| Patch ID | Bulletin ID | Patch Description |
|---|---|---|
| 316824 | TU-072 | Adobe Acrobat Reader DC (Continuous Track) update - All languages (20.013.20064) (APSB20-67) |
| 316825 | TU-073 | Adobe Acrobat Reader MUI DC (Continuous Track) update - All languages (20.013.20064) (APSB20-67) |
| 316822 | TU-137 | Adobe Acrobat DC Pro and Standard (Continuous Track) update - All languages (20.013.20064) (APSB20-67) |
| 316821 | TU-753 | Adobe Acrobat 2017 Pro and Standard (Acrobat 2017 Track) update - All languages (17.011.30180) (APSB20-67) |
| 316823 | TU-754 | Adobe Acrobat Reader 2017 MUI (Classic Track) (17.011.30180) (APSB20-67) |
| 316830 | TU-1178 | Adobe Acrobat Reader 2020 MUI (Classic Track) (20.001.30010) (APSB20-67) |
 

Cheers,

Team ManageEngine