Adobe fixes critical code execution bugs in Acrobat and Reader

by certadmin

Adobe has released security updates for Adobe Acrobat, Reader, and Lightroom that fix a total of twenty-six vulnerabilities in the three programs.

Of the vulnerabilities, eleven are classified as ‘Critical’ because they allow attackers to bypass security features or perform remote code execution on vulnerable computers.

Remote code execution vulnerabilities are the most damaging, as they allow an attacker to run commands on affected computers without the user’s permission or knowledge.

If you use any of these products, it is strongly suggested that you upgrade to the latest versions as soon as possible.

APSB20-48 Security updates available for Adobe Acrobat and Reader

Adobe has released a security update that fixes 25 vulnerabilities in Adobe Acrobat and Reader.

Of these 25 vulnerabilities, 11 are classified as ‘Critical’ as they could allow remote code execution or the bypassing of security features.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Disclosure of Sensitive Data | Memory Leak | Important | CVE-2020-9697 |
| Security bypass | Privilege Escalation | Important | CVE-2020-9714 |
| Out-of-bounds write | Arbitrary Code Execution | Critical | CVE-2020-9693, CVE-2020-9694 |
| Security bypass | Security feature bypass | Critical | CVE-2020-9696, CVE-2020-9712 |
| Stack exhaustion | Application denial-of-service | Important | CVE-2020-9702, CVE-2020-9703 |
| Out-of-bounds read | Information disclosure | Important | CVE-2020-9723, CVE-2020-9705, CVE-2020-9706, CVE-2020-9707, CVE-2020-9710, CVE-2020-9716, CVE-2020-9717, CVE-2020-9718, CVE-2020-9719, CVE-2020-9720, CVE-2020-9721 |
| Buffer error | Arbitrary Code Execution | Critical | CVE-2020-9698, CVE-2020-9699, CVE-2020-9700, CVE-2020-9701, CVE-2020-9704 |
| Use-after-free | Arbitrary Code Execution | Critical | CVE-2020-9715, CVE-2020-9722 |

Users should install the latest versions of Adobe Acrobat and Reader to resolve these vulnerabilities.

APSB20-51 Security update available for Adobe Lightroom

Adobe has released a security update for Adobe Lightroom that fixes a DLL hijacking vulnerability that would allow an attacker to execute commands with elevated privileges.

This type of attack is possible when a program loads a DLL insecurely at startup, which allows an attacker to have a malicious DLL loaded in place of the intended one.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
|---|---|---|---|
| Insecure Library Loading | Privilege escalation | Important | CVE-2020-9724 |

Users should install Lightroom Classic 9.3 to fix the vulnerability.
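
To show why insecure library loading matters in general, the following added example (not code from Adobe or from the original article) models a simplified Windows DLL search order and reports which user-writable directories are searched before a DLL name resolves. The directory layout, the `ExampleApp` and `helper.dll` names and the helper functions are constructed for illustration; the page gives no details of how CVE-2020-9724 itself occurs.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Dir:
    path: str
    user_writable: bool            # can a standard user create files here?
    dlls: frozenset = frozenset()  # DLL names present, lowercase

def default_order(app_dir, system32, system16, windows, cwd, path_dirs):
    # Simplified standard search order with SafeDllSearchMode enabled.
    # KnownDLLs, already-loaded modules and redirection are left out.
    return [app_dir, system32, system16, windows, cwd, *path_dirs]

def audit_load(dll, order):
    """Return (directory the name resolves in, user-writable directories
    searched up to and including it). Any entry in the second list is a
    place where a planted DLL would be loaded instead of the intended one."""
    dll = dll.lower()
    hit = next((i for i, d in enumerate(order) if dll in d.dlls), None)
    searched = order if hit is None else order[:hit + 1]
    risky = [d.path for d in searched if d.user_writable]
    return (None if hit is None else order[hit].path), risky

# Constructed layout: a per-user install whose folder the user can write to.
APP = Dir(r"C:\Users\alice\AppData\Local\ExampleApp", True, frozenset({"app.dll"}))
SYS32 = Dir(r"C:\Windows\System32", False, frozenset({"version.dll"}))
SYS16 = Dir(r"C:\Windows\System", False)
WIN = Dir(r"C:\Windows", False)
CWD = Dir(r"C:\Users\alice\Downloads", True)
DEFAULT = default_order(APP, SYS32, SYS16, WIN, CWD, [])
# Order seen by a load restricted to System32, e.g. LoadLibraryEx with
# LOAD_LIBRARY_SEARCH_SYSTEM32.
HARDENED = [SYS32]

if __name__ == "__main__":
    for name, order in (("version.dll", DEFAULT), ("version.dll", HARDENED),
                        ("helper.dll", DEFAULT)):
        print(name, audit_load(name, order))
```

A non-empty second element means the load depends on a directory an unprivileged user controls; restricting the search path or loading by fully qualified path removes that dependency.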

To read the original article: https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-code-execution-bugs-in-acrobat-and-reader/
