Adobe on Tuesday published updated versions of its Acrobat and Reader software to fix fourteen flaws, four of which have been designated "critical." These updates should be installed as soon as possible to close off the vulnerabilities.
The security bulletin (APSB20-67) covers Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017, and Acrobat Reader 2017 for macOS and Windows.
It flags fourteen CVEs:
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
| --- | --- | --- | --- |
| Heap-based buffer overflow | Arbitrary Code Execution | Critical | CVE-2020-24435 |
| Improper access control | Local privilege escalation | Important | CVE-2020-24433 |
| Improper input validation | Arbitrary JavaScript Execution | Important | CVE-2020-24432 |
| Signature validation bypass | Minimal (defense-in-depth fix) | Moderate | CVE-2020-24439 |
| Signature verification bypass | Local privilege escalation | Important | CVE-2020-24429 |
| Improper input validation | Information Disclosure | Important | CVE-2020-24427 |
| Security feature bypass | Dynamic library injection .. | | |