Adobe has released security updates for Adobe Acrobat, Reader, and Adobe DNG Software Development Kit that address thirty-six security vulnerabilities in Adobe Acrobat, Reader, and Adobe DNG Software Development Kit.
Sixteen vulnerabilities addressed by Adobe have been rated as ‘Critical’ and could be exploited by attackers to execute arbitrary code or to bypass.
“Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.” reads the Security Update for Adobe Acrobat and Reader (APSB20-24)
Adobe fixes a total of 24 vulnerabilities in Acrobat and Reader, 12 of them rated as ‘Critical’ severity. The remaining issues, rated as important severity, are denial of service or information disclosure vulnerabilities.
|Vulnerability Category||Vulnerability Impact||Severity||CVE Number|
|Null Pointer||Application denial-of-service||Important||CVE-2020-9610|
|Heap Overflow||Arbitrary Code Execution||Critical||CVE-2020-9612|
|Race Condition||Security feature bypass||Critical||CVE-2020-9615|
|Out-of-bounds write||Arbitrary Code Execution||Critical||CVE-2020-9597CVE-2020-9594|
|Security bypass||Security feature bypass||Critical||CVE-2020-9614CVE-2020-9613CVE-2020-9596CVE-2020-9592|
|Stack exhaustion||Application denial-of-service||Important||CVE-2020-9611|
|Out-of-bounds read||Information disclosure||Important||CVE-2020-9609CVE-2020-9608CVE-2020-9603CVE-2020-9602CVE-2020-9601CVE-2020-9600CVE-2020-9599|
|Buffer error||Arbitrary Code Execution||Critical||CVE-2020-9605CVE-2020-9604|
|Use-after-free||Arbitrary Code Execution||Critical||CVE-2020-9607CVE-2020-9606|
|Invalid memory access||Information disclosure||Important||CVE-2020-9598CVE-2020-9595CVE-2020-9593|
Adobe addressed twelve vulnerabilities in the Adobe DNG Software Development Kit for Windows and MacOS, four of them rated as ‘Critical’ severity while the remaining ones are classified as ‘Important’.
“Adobe has released an update for the Adobe DNG Software Development Kit (SDK) for Windows and macOS. This update resolves multiple critical Heap Overflow and important Out-of-Bounds Read vulnerabilities that could lead to Remote Code Execution and Information Disclosure, respectively.” reads the security update for Software Development Kit (SDK) (APSB20-26).
|Vulnerability Category||Vulnerability Impact||Severity||CVE Numbers|
|Heap Overflow||Arbitrary Code Execution||Critical||CVE-2020-9589CVE-2020-9590 CVE-2020-9620 CVE-2020-9621|
|Out-of-Bounds Read||Information Disclosure||Important||CVE-2020-9622 CVE-2020-9623 CVE-2020-9624 CVE-2020-9625 CVE-2020-9626 CVE-2020-9627 CVE-2020-9628 CVE-2020-9629|
(SecurityAffairs – Adobe code execution, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.