Adobe Fixes Nine Critical Vulnerabilities in Reader, Acrobat

Adobe has released security updates for Adobe Acrobat and Adobe Reader that fix numerous vulnerabilities ranging from information disclosure to arbitrary code execution.

Adobe usually releases security updates in conjunction with Microsoft’s Patch Tuesday security updates, but this month nothing was released at that time.

Today, Adobe has released security updates that fix 13 vulnerabilities, with 4 rated as ‘Important’ as they lead to information disclosure or privilege escalation.

The other 9 are rated as ‘Critical’ because an attacker could exploit them, through malicious PDFs or other malicious actions, to execute commands on the affected computer.

13 vulnerabilities fixed

The vulnerabilities fixed in the ‘Security Bulletin for Adobe Acrobat and Reader | APSB20-13’ security updates are:

| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Out-of-bounds read | Information Disclosure | Important | CVE-2020-3804, CVE-2020-3806 |
| Out-of-bounds write | Arbitrary Code Execution | Critical | CVE-2020-3795 |
| Stack-based buffer overflow | Arbitrary Code Execution | Critical | CVE-2020-3799 |
| Use-after-free | Arbitrary Code Execution | Critical | CVE-2020-3792, CVE-2020-3793, CVE-2020-3801, CVE-2020-3802, CVE-2020-3805 |
| Memory address leak | Information Disclosure | Important | CVE-2020-3800 |
| Buffer overflow | Arbitrary Code Execution | Critical | CVE-2020-3807 |
| Memory corruption | Arbitrary Code Execution | Critical | CVE-2020-3797 |
| Insecure library loading (DLL hijacking) | Privilege Escalation | Important | CVE-2020-3803 |

Adobe recommends users upgrade to the latest versions of Acrobat DC, Acrobat Reader DC, Acrobat 2017, Acrobat Reader 2017, Acrobat 2015, and Acrobat Reader 2015.

Kent
