Adobe has released security updates for Adobe Acrobat, Reader, and Lightroom that fix a total of twenty-six vulnerabilities in the three programs.
Of the vulnerabilities, eleven are classified as ‘Critical’ because they allow attackers to bypass security features or perform remote code execution on vulnerable computers.
Remote code execution vulnerabilities are the most damaging as it allows the attacker to run commands on affected computers without a user’s permission or knowledge.
If you use any of these products, it is strongly suggested that you upgrade to the latest versions as soon as possible.
APSB20-48 Security updates available for Adobe Acrobat and Reader
Adobe has released a security update that fixes 25 vulnerabilities in Adobe Acrobat and Reader.
Of these 25 vulnerabilities, 11 are classified as ‘Critical’ as they could allow remote code execution or the bypassing of security features.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Disclosure of Sensitive Data | Memory Leak | Important |
CVE-2020-9697 |
| Security bypass | Privilege Escalation | Important | CVE-2020-9714 |
| Out-of-bounds write | Arbitrary Code Execution | Critical |
CVE-2020-9693 CVE-2020-9694 |
| Security bypass | Security feature bypass | Critical |
CVE-2020-9696 CVE-2020-9712 |
| Stack exhaustion | Application denial-of-service | Important |
CVE-2020-9702 CVE-2020-9703 |
| Out-of-bounds read | Information disclosure | Important |
CVE-2020-9723 CVE-2020-9705 CVE-2020-9706 CVE-2020-9707 CVE-2020-9710 CVE-2020-9716 CVE-2020-9717 CVE-2020-9718 CVE-2020-9719 CVE-2020-9720 CVE-2020-9721 |
| Buffer error | Arbitrary Code Execution | Critical |
CVE-2020-9698 CVE-2020-9699 CVE-2020-9700 CVE-2020-9701 CVE-2020-9704 |
| Use-after-free | Arbitrary Code Execution | Critical |
CVE-2020-9715 CVE-2020-9722 |
Users should install the latest versions of Adobe Acrobat and Reader to resolve these vulnerabilities.
APSB20-51 Security update available for Adobe Lightroom
Adobe has released a security update for Adobe Lightroom that fixes a DLL hijacking vulnerability that would allow an attacker to execute commands with elevated privileges.
This type of attack is caused by the program insecurely loading a DLL when starting, which allows an attacker to load a malicious DLL instead.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| Insecure Library Loading | Privilege escalation | Important |
CVE-2020-9724 |
Users should install Lightroom Classic 9.3 to fix the vulnerability.
To read the original article: https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-code-execution-bugs-in-acrobat-and-reader/