Adobe has fixed 14 vulnerabilities in its Acrobat products, including critical flaws that attackers can exploit for arbitrary code execution. Ten of them are rated as either critical or important severity.

Security updates have been released to address critical vulnerabilities in Adobe Acrobat and Reader for Windows and macOS.

The following four vulnerabilities have been rated as critical severity:

  • CVE-2020-24435: A heap-based buffer overflow that can lead to arbitrary code execution in the context of the targeted user.
  • CVE-2020-24436: An out-of-bounds write that can lead to arbitrary code execution in the context of the targeted user.
  • CVE-2020-24430, CVE-2020-24437: Use-after-free issues that can lead to arbitrary code execution in the context of the targeted user.

In addition to these, Adobe addressed six more vulnerabilities rated as important, tracked as CVE-2020-24433, CVE-2020-24432, CVE-2020-24429, CVE-2020-24427, CVE-2020-24431, and CVE-2020-24428.

These vulnerabilities may allow arbitrary code execution, information disclosure, arbitrary JavaScript execution, local privilege escalation, and dynamic library injection.

Adobe classified the security fixes as priority 2 updates, which means that they patch vulnerabilities in products that have "historically been at elevated risk" but for which there are no public exploits.

“There are currently no known exploits,” according to Adobe. “Based on previous experience, we do not anticipate exploits are imminent. As a best practice, Adobe recommends administrators install the update soon (for example, within 30 days).”

Adobe advises users to update vulnerable products to the latest versions as quickly as possible to prevent attacks targeting unpatched installations.

These vulnerabilities were reported by independent researchers and experts from Cisco Talos, Computest, Danish Cyber Defence, Qihoo 360, Star Lab and Ruhr University Bochum, and Tencent.
