Your hacker Blog

Adobe addresses critical issues in Acrobat, Reader, and DNG SDK

Adobe has released security updates to address 36 vulnerabilities in Adobe Acrobat, Reader, and Adobe DNG Software Development Kit.

Adobe has released security updates for Adobe Acrobat, Reader, and Adobe DNG Software Development Kit that address thirty-six security vulnerabilities in Adobe Acrobat, Reader, and Adobe DNG Software Development Kit.

Sixteen vulnerabilities addressed by Adobe have been rated as ‘Critical’ and could be exploited by attackers to execute arbitrary code or to bypass.

“Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.” reads the Security Update for Adobe Acrobat and Reader (APSB20-24)

Adobe fixes a total of 24 vulnerabilities in Acrobat and Reader, 12 of them rated as ‘Critical’ severity. The remaining issues, rated as important severity, are denial of service or information disclosure vulnerabilities.

Vulnerability CategoryVulnerability ImpactSeverityCVE NumberNull PointerApplication denial-of-serviceImportant   CVE-2020-9610Heap OverflowArbitrary Code Execution         Critical CVE-2020-9612Race ConditionSecurity feature bypassCritical CVE-2020-9615Out-of-bounds writeArbitrary Code Execution         Critical CVE-2020-9597CVE-2020-9594Security bypassSecurity feature bypassCritical CVE-2020-9614CVE-2020-9613CVE-2020-9596CVE-2020-9592Stack exhaustionApplication denial-of-serviceImportant CVE-2020-9611Out-of-bounds readInformation disclosureImportant CVE-2020-9609CVE-2020-9608CVE-2020-9603CVE-2020-9602CVE-2020-9601CVE-2020-9600CVE-2020-9599Buffer errorArbitrary Code Execution         Critical CVE-2020-9605CVE-2020-9604Use-after-free   Arbitrary Code Execution         Critical CVE-2020-9607CVE-2020-9606Invalid memory accessInformation disclosureImportant CVE-2020-9598CVE-2020-9595CVE-2020-9593Adobe addressed twelve vulnerabilities in the Adobe DNG Software Development Kit for Windows and MacOS, four of them rated as ‘Critical’ severity while the remaining ones are classified as ‘Important’.

“Adobe has released an update for the Adobe DNG Software Development Kit (SDK) for Windows and macOS. This update resolves multiple critical Heap Overflow and important Out-of-Bounds Read vulnerabilities that could lead to Remote Code Execution and Information Disclosure, respectively.” reads the security update for Software Development Kit (SDK) (APSB20-26).

Vulnerability Category      Vulnerability Impact      Severity  CVE Numbers      Heap OverflowArbitrary Code Execution       Critical  CVE-2020-9589CVE-2020-9590  CVE-2020-9620  CVE-2020-9621  Out-of-Bounds Read Information Disclosure   ImportantCVE-2020-9622  CVE-2020-9623  CVE-2020-9624  CVE-2020-9625  CVE-2020-9626  CVE-2020-9627  CVE-2020-9628  CVE-2020-9629  

window._mNHandle = window._mNHandle || {};
window._mNHandle.queue = window._mNHandle.queue || [];
medianet_versionId = “3121199”;

try {
window._mNHandle.queue.push(function () {
window._mNDetails.loadTag(“762221962”, “300×250”, “762221962”);
});
}
catch (error) {}

Pierluigi Paganini

(SecurityAffairs – Adobe code execution, hacking)

The post Adobe addresses critical issues in Acrobat, Reader, and DNG SDK appeared first on Security Affairs.