Adobe Acrobat and Reader are the PDF document applications from the US company Adobe. Adobe Reader is free to use and can view PDF documents, but editing operations such as modification and watermarking are not possible. Adobe Acrobat is a paid product; in addition to basic PDF viewing, it can perform advanced editing operations.
On November 3, Adobe released emergency security updates for Acrobat and Reader. These updates resolve vulnerabilities rated critical and important, including arbitrary code execution vulnerabilities. The details of the vulnerabilities are as follows:
Vulnerability details
Source: https://helpx.adobe.com/security/products/acrobat/apsb20-67.html
1. CVE-2020-24435 Severity: Critical
The vulnerability is caused by a heap-based buffer overflow. Successful exploitation can lead to arbitrary code execution.
2. CVE-2020-24436 Severity: Critical
The vulnerability is caused by an out-of-bounds write. Successful exploitation can lead to arbitrary code execution.
3. CVE-2020-24430, CVE-2020-24437 Severity: Critical
The vulnerabilities are caused by a use-after-free. Successful exploitation can lead to arbitrary code execution.
4. CVE-2020-24433 Severity: Important
The vulnerability is caused by improper access control. Successful exploitation can lead to local privilege escalation.
5. CVE-2020-24432 Severity: Important
The vulnerability is caused by incorrect input validation. Successful exploitation can lead to arbitrary JavaScript execution.
6. CVE-2020-24429 Severity: Important
The vulnerability is caused by a signature verification bypass. Successful exploitation can lead to local privilege escalation.
7. CVE-2020-24427 Severity: Important
The vulnerability is caused by incorrect input verification. Successful exploitation can lead to the disclosure of sensitive information.
8. CVE-2020-24431 Severity: Important
The vulnerability is caused by a security feature bypass, which can lead to dynamic library injection attacks. Dynamic library injection means loading a different library by some means when the program starts or while it is running, so that it replaces the functions of the original dependent library. This changes the behavior of the program without modifying its original code.
Affected product versions
Windows and macOS platforms:
Acrobat DC and Acrobat Reader DC: 2020.012.20048 and earlier versions
Acrobat 2017 and Acrobat Reader 2017: 2017.011.30175 and earlier versions
Acrobat 2020 and Acrobat Reader 2020: 2020.001.30005 and earlier versions
Solution
Windows and macOS platforms:
For Acrobat DC and Acrobat Reader DC: apply the 2020.013.20064 update
For Acrobat 2017 and Acrobat Reader 2017: apply the 2017.011.30180 update
For Acrobat 2020 and Acrobat Reader 2020: apply the 2020.001.30010 update
Adobe recommends that users follow the instructions below to update their software installation to the latest version.
End users can obtain the latest product version through one of the following methods:
Users can manually update their product installation by selecting Help>Check for Updates.
After an update is detected, the product will automatically update without user intervention.
The complete Acrobat Reader installation program can be downloaded from the Acrobat Reader Download Center.
For IT administrators (hosted environment):
Download the enterprise installer from ftp://ftp.adobe.com/pub/adobe/, or refer to the release notes for the specific version for a link to the installer.
Install the update via the preferred method, e.g. AIP-GPO, Bootloader, SCUP/SCCM (Windows), or, on macOS, Apple Remote Desktop and SSH.
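The affected and fixed version numbers listed above can be checked against a software inventory. The following is an added example, not code from Adobe or from this article; the track labels, host names and inventory format are assumptions, and the sample inventory is constructed.

```python
# Last affected / first fixed builds per track, copied from the advisory text above.
ADVISORY = {
    "DC":   ("2020.012.20048", "2020.013.20064"),
    "2017": ("2017.011.30175", "2017.011.30180"),
    "2020": ("2020.001.30005", "2020.001.30010"),
}

def parse_version(text):
    """Turn 'YYYY.NNN.NNNNN' into a tuple of ints so builds compare numerically."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(int(p) for p in parts)

def assess(track, version):
    """Return 'vulnerable', 'patched' or 'unknown' for one installation."""
    if track not in ADVISORY:
        return "unknown"
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"
    last_affected, fixed = (parse_version(v) for v in ADVISORY[track])
    if installed <= last_affected:
        return "vulnerable"
    if installed >= fixed:
        return "patched"
    # A build between the two listed numbers: the page does not classify it.
    return "unknown"

# Constructed sample inventory: (host, track, installed version).
SAMPLE_INVENTORY = [
    ("ws-001", "DC", "2020.012.20048"),
    ("ws-002", "DC", "2020.013.20064"),
    ("ws-003", "2017", "2017.011.30175"),
    ("mac-004", "2020", "2020.001.30010"),
    ("ws-005", "2017", "not installed"),
]

def needs_attention(inventory):
    """Hosts that are vulnerable or could not be classified."""
    results = [(host, assess(track, ver)) for host, track, ver in inventory]
    return [(host, status) for host, status in results if status != "patched"]

if __name__ == "__main__":
    for host, status in needs_attention(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

The track has to come from the inventory rather than from the version string: Acrobat DC and Acrobat 2020 builds both start with 2020, so the same number can be vulnerable on one track and newer than the fix on the other.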