Was that November's Patch Tuesday? Already? Oh, no, it's just Adobe issuing 14 emergency security fixes

Was that November's Patch Tuesday? Already? Oh, no, it's just Adobe issuing 14 emergency security fixes

Adobe on Tuesday published updated versions of its Acrobat and Reader software to fix fourteen flaws, four of which have been designated "critical." These updates should be installed as soon as possible to close off their vulnerabilities.


The security bulletin (APSB20-67) covers Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017, and Acrobat Reader 2017 for macOS and Windows.


It flags fourteen CVEs:



Vulnerability Category
Vulnerability Impact
Severity
CVE Number
Heap-based buffer overflow
Arbitrary Code Execution           
Critical 

CVE-2020-24435



Improper access control
Local privilege escalation 
Important
CVE-2020-24433
Improper input validation
Arbitrary JavaScript Execution
Important
CVE-2020-24432
Signature validation bypass
Minimal (defense-in-depth fix)
Moderate
CVE-2020-24439
Signature verification bypass
Local privilege escalation
Important 
CVE-2020-24429
Improper input validation
Information Disclosure   
Important 
CVE-2020-24427
Security feature bypass
Dynamic library injection
Important 
CVE-2020-24431
Out-of-bounds write   
Arbitrary Code Execution       
Critical 
CVE-2020-24436
Out-of-bounds read   
Information Disclosure   
Moderate

CVE-2020-24426


CVE-2020-24434



Race Condition
Local privilege escalation
Important 
CVE-2020-24428
Use-after-free     
Arbitrary Code Execution       
Critical 

CVE-2020-24430


CVE-2020-24437



Use-after-free
Information Disclosure
Moderate
CVE-2020-24438

None of the CVEs identified have yet been named by CERT/CC's Vulnonym bot, so we have that to look forward to. At the time this article was filed, the most recent CVE bestowed with a name was an IBM App Connect Enterprise Certified Container click hijacking bug (CVE-2020-4785), dubbed "Whacking Mouflon." (A mouflon, in case you were wondering, is a wild sheep associated with the islands of Corsica and Sar ..