Adobe has released security updates for Adobe Acrobat, Reader, and Adobe DNG Software Development Kit that address thirty-six security vulnerabilities in Adobe Acrobat, Reader, and Adobe DNG Software Development Kit.
Sixteen vulnerabilities addressed by Adobe have been rated as ‘Critical’ and could be exploited by attackers to execute arbitrary code or to bypass.
“Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.” reads the Security Update for Adobe Acrobat and Reader (APSB20-24)
Adobe fixes a total of 24 vulnerabilities in Acrobat and Reader, 12 of them rated as ‘Critical’ severity. The remaining issues, rated as important severity, are denial of service or information disclosure vulnerabilities.
|Vulnerability Category||Vulnerability Impact||Severity||CVE Number|
|Null Pointer||Application denial-of-service||Important||CVE-2020-9610|
|Heap Overflow||Arbitrary Code Execution||Critical||CVE-2020-9612|
|Race Condition||Security feature bypass||Critical||CVE-2020-9615|
|Out-of-bounds write||Arbitrary Code Execution||Critical||CVE-2020-9597CVE-2020-9594|
|Security bypass||Security feature bypass||Critical||CVE-2020-9614CVE-2020-9613CVE-2020-9596CVE-2020-9592|
|Stack exhaustion||Application denial-of-service||Important||CVE-2020-9611|
|Out-of-bounds read||Information disclosure||Important||CVE-2020-9609CVE-2020-9608CVE-2020-9603CVE-2020-9602CVE-2020-9601CVE-2020-9600CVE-2020-9599|
|Buffer error||Arbitrary Code Execution||Critical||CVE-2020-9605CVE-2020-9604|
|Use-after-free||Arbitrary Code Execution||Critical||CVE-2020-9607CVE-2020-9606|
|Invalid memory access||Information disclosure||Important||CVE-2020-9598CVE-2020-9595CVE-2020-9593|
Adobe addressed twelve vulnerabilities in the Adobe DNG Software Development Kit for Windows and MacOS, four of them rated as ‘Critical’ severity while the remaining ones are classified as ‘Important’.
“Adobe has released an update for the Adobe DNG Software Development Kit (SDK) for Windows and macOS. This update resolves multiple critical Heap Overflow and important Out-of-Bounds Read vulnerabilities that could lead to Remote Code Execution and Information Disclosure, respectively.” reads the security update for Software Development Kit (SDK) (APSB20-26).
|Vulnerability Category||Vulnerability Impact||Severity||CVE Numbers|
|Heap Overflow||Arbitrary Code Execution||Critical||CVE-2020-9589CVE-2020-9590 CVE-2020-9620 CVE-2020-9621|
|Out-of-Bounds Read||Information Disclosure||Important||CVE-2020-9622 CVE-2020-9623 CVE-2020-9624 CVE-2020-9625 CVE-2020-9626 CVE-2020-9627 CVE-2020-9628 CVE-2020-9629|
(SecurityAffairs – Adobe code execution, hacking)