Adobe has released security updates to address 36 vulnerabilities in Adobe Acrobat, Reader, and Adobe DNG Software Development Kit.
Adobe has released security updates for Adobe Acrobat, Reader, and Adobe DNG Software Development Kit that address thirty-six security vulnerabilities in Adobe Acrobat, Reader, and Adobe DNG Software Development Kit.
Sixteen vulnerabilities addressed by Adobe have been rated as ‘Critical’ and could be exploited by attackers to execute arbitrary code or to bypass.
“Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.” reads the Security Update for Adobe Acrobat and Reader (APSB20-24)
Adobe fixes a total of 24 vulnerabilities in Acrobat and Reader, 12 of them rated as ‘Critical’ severity. The remaining issues, rated as important severity, are denial of service or information disclosure vulnerabilities.
Vulnerability CategoryVulnerability ImpactSeverityCVE NumberNull PointerApplication denial-of-serviceImportant CVE-2020-9610Heap OverflowArbitrary Code Execution Critical CVE-2020-9612Race ConditionSecurity feature bypassCritical CVE-2020-9615Out-of-bounds writeArbitrary Code Execution Critical CVE-2020-9597CVE-2020-9594Security bypassSecurity feature bypassCritical CVE-2020-9614CVE-2020-9613CVE-2020-9596CVE-2020-9592Stack exhaustionApplication denial-of-serviceImportant CVE-2020-9611Out-of-bounds readInformation disclosureImportant CVE-2020-9609CVE-2020-9608CVE-2020-9603CVE-2020-9602CVE-2020-9601CVE-2020-9600CVE-2020-9599Buffer errorArbitrary Code Execution Critical CVE-2020-9605CVE-2020-9604Use-after-free Arbitrary Code Execution Critical CVE-2020-9607CVE-2020-9606Invalid memory accessInformation disclosureImportant CVE-2020-9598CVE-2020-9595CVE-2020-9593Adobe addressed twelve vulnerabilities in the Adobe DNG Software Development Kit for Windows and MacOS, four of them rated as ‘Critical’ severity while the remaining ones are classified as ‘Important’.
“Adobe has released an update for the Adobe DNG Software Development Kit (SDK) for Windows and macOS. This update resolves multiple critical Heap Overflow and important Out-of-Bounds Read vulnerabilities that could lead to Remote Code Execution and Information Disclosure, respectively.” reads the security update for Software Development Kit (SDK) (APSB20-26).
Vulnerability Category Vulnerability Impact Severity CVE Numbers Heap OverflowArbitrary Code Execution Critical CVE-2020-9589CVE-2020-9590 CVE-2020-9620 CVE-2020-9621 Out-of-Bounds Read Information Disclosure ImportantCVE-2020-9622 CVE-2020-9623 CVE-2020-9624 CVE-2020-9625 CVE-2020-9626 CVE-2020-9627 CVE-2020-9628 CVE-2020-9629
window._mNHandle = window._mNHandle || {};
window._mNHandle.queue = window._mNHandle.queue || [];
medianet_versionId = “3121199”;
try {
window._mNHandle.queue.push(function () {
window._mNDetails.loadTag(“762221962”, “300×250”, “762221962”);
});
}
catch (error) {}
Pierluigi Paganini
(SecurityAffairs – Adobe code execution, hacking)
The post Adobe addresses critical issues in Acrobat, Reader, and DNG SDK appeared first on Security Affairs.