SECURITY

Adobe Acrobat and Reader software found arbitrary code execution vulnerabilities and need to be upgraded as soon as possible



Naija Tech News (NTN) on 04, and in content, Adobe Acrobat and Reader software found arbitrary code execution vulnerabilities and need to be upgraded as soon as possible, Adobe, Adobe Acrobat, PDF, Reader .

Adobe Acrobat and Reader are the PDF document software of the Adobe company in the United States. Adobe Reader is free to use and can view PDF documents. Editing operations such as modification and watermarking are not possible. Adobe Acrobat is charged. In addition to basic PDF viewing, advanced editing operations can be performed .

Adobe Acrobat and Reader software found arbitrary code execution vulnerabilities and need to be upgraded as soon as possible

On November 3, Adobe released emergency security updates for Acrobat and Reader. These updates resolve arbitrary code execution vulnerabilities that are rated as critical and important. The following are the details of the vulnerability:

Vulnerability details

Since this is a quiet lengthy article, we have added a table of contents for easier navigation.

source:

https://helpx.adobe.com/security/products/acrobat/apsb20-67.html

1. CVE-2020-24435 Severity: Critical

The vulnerability is mainly caused by a heap-based buffer overflow. Successful exploitation of this vulnerability can lead to arbitrary code execution.

2. CVE-2020-24436 severity: critical

The vulnerability is mainly caused by out-of-bounds write operations. Successful exploitation of this vulnerability can lead to arbitrary code execution.

3. CVE-2020-24430, CVE-2020-24437 severity: critical

The vulnerability is mainly caused by Use-after-free. Successful exploitation of this vulnerability can lead to arbitrary code execution.

4. CVE-2020-24433 severity: important

The vulnerability is mainly caused by improper access control. Successful exploitation of this vulnerability can lead to escalation of local privileges

5. CVE-2020-24432 severity: important

The vulnerability is mainly caused by incorrect input validation. Successful exploitation of this vulnerability can lead to arbitrary JavaScript execution

6. CVE-2020-24429 severity: important

The vulnerability is mainly caused by the bypass of signature verification. Successful exploitation of this vulnerability can lead to escalation of local privileges

7. CVE-2020-24427 severity: important

The vulnerability is mainly caused by incorrect input verification. Successful exploitation of this vulnerability can lead to the disclosure of sensitive information

8. CVE-2020-24431 severity: important

The vulnerability is mainly caused by the bypass of security functions, which can lead to dynamic library injection attacks (dynamic library injection refers to loading another set of interface libraries by some means when the program is started or running, replacing the original dependent library. Function. This can achieve the purpose of changing the function of the program without modifying the original code)

Affected product version

Windows and macOS platforms:

Acrobat DC and Acrobat Reader DC: 2020.012.20048 and earlier versions         

Acrobat 2017 and Acrobat Reader 2017: 2017.011.30175 and earlier versions

Acrobat 2020 and Acrobat Reader 2020: 2020.001.30005 and earlier versions

solution

Windows and macOS platforms:

For Acrobat DC and Acrobat Reader DC: Apply the 2020.013.20064 upgrade patch to fix

For Acrobat 2017 and Acrobat Reader 2017: Apply 2017.011.30180 upgrade patch to fix

For Acrobat 2020 and Acrobat Reader 2020: Apply the 2020.001.30010 upgrade patch to fix

Adobe recommends that users follow the instructions below to update their software installation to the latest version.    

The latest product version can be provided to end users through one of the following methods:    

Users can manually update their product installation by selecting Help>Check for Updates.     

After an update is detected, the product will automatically update without user intervention.     

The complete Acrobat Reader installation program can be downloaded from the Acrobat Reader Download Center.     

For IT administrators (hosted environment):     

Download the enterprise installer from ftp://ftp.adobe.com/pub/adobe/, or refer to the specific release notes version for a link to the installer.     

Install the update via the preferred method (e.g. AIP-GPO, Bootloader, SCUP/SCCM (Windows)) or on macOS, Apple Remote Desktop and SSH.    

DOWNLOAD Our Mobile App



If you think this post can be helpful to somebody else, please share it on Twitter, Facebook or Whatsapp it to friends. There are buttons below for this (easy to use too)! Join Over 5,000 + Readers. Get a free daily update via Email HERE


For the latest tech news across the world, latest PC and Mobile games, tips & tricks, top-notch gadget reviews of most exciting releases follow Naijatechnews' FacebookTwitter, Instagram & Telegram. Subscribe our Google News, & YouTube Cannel.

YOU MAY LIKE

Download Netify VPN Apk 2019 For Android 1

Click to comment ❤️

Leave a Reply

Your email address will not be published.

4 + five =



Note: off comments will be trashed and you will be marked as Spam! use contact us, if it's required.

TRENDING POSTS

To Top