Adobe has released security updates for Adobe Acrobat and Adobe Reader that fix numerous vulnerabilities ranging from information disclosure to arbitrary code execution.
Adobe usually releases security updates in conjunction with Microsoft’s Patch Tuesday security updates, but this month nothing was released at that time.
Today, Adobe has released security updates that fix 13 vulnerabilities, with 4 rated as ‘Important’ as they lead to information disclosure or privilege escalation.
The other 9 are rated as ‘Critical’ because an attacker could exploit them, through malicious PDFs or other malicious actions, to execute commands on the affected computer.
13 vulnerabilities fixed
The vulnerabilities fixed in the ‘Security Bulletin for Adobe Acrobat and Reader | APSB20-13’ security updates are:
|Vulnerability Category|Vulnerability Impact|Severity|CVE Number|
|---|---|---|---|
|Out-of-bounds read|Information Disclosure|Important| |
|Out-of-bounds write|Arbitrary Code Execution|Critical|CVE-2020-3795|
|Stack-based buffer overflow|Arbitrary Code Execution|Critical|CVE-2020-3799|
|Use-after-free|Arbitrary Code Execution|Critical| |
|Memory address leak|Information Disclosure|Important|CVE-2020-3800|
|Buffer overflow|Arbitrary Code Execution|Critical|CVE-2020-3807|
|Memory corruption|Arbitrary Code Execution|Critical|CVE-2020-3797|
|Insecure library loading (DLL hijacking)|Privilege Escalation|Important|CVE-2020-3803|
Adobe recommends users upgrade to the latest versions of Acrobat DC, Acrobat Reader DC, Acrobat 2017, Acrobat Reader 2017, Acrobat 2015, and Acrobat Reader 2015.