Adobe recently released an important security update for Adobe Acrobat and Adobe Reader that patches many critical and important security bugs, which can lead to arbitrary code execution and information disclosure when successfully exploited.
Yesterday, Adobe patched 13 vulnerabilities, including out-of-bounds write, out-of-bounds read, use-after-free, stack-based buffer overflow, buffer overflow, memory address leak, memory corruption, and insecure library loading (DLL hijacking). Of these, 9 are marked as critical and can lead to arbitrary code execution, and 4 are marked as important and can lead to privilege escalation and information disclosure when exploited successfully.
All of the critical vulnerabilities can allow arbitrary code execution, which means that an attacker can install malware through a PDF on a system running a vulnerable version of the Adobe software.
In its February update, Adobe patched more than 42 vulnerabilities in its 5 most widely used software products, of which 35 were classified as high severity.
The 13 vulnerabilities are tracked under the following CVEs:
- Out-of-bounds read: CVE-2020-3804, CVE-2020-3806
- Stack-based buffer overflow: CVE-2020-3799
- Out-of-bounds write: CVE-2020-3795
- Use-after-free: CVE-2020-3792, CVE-2020-3793, CVE-2020-3801, CVE-2020-3802, CVE-2020-3805
- Memory corruption: CVE-2020-3797
- Buffer overflow: CVE-2020-3807
- Memory address leak: CVE-2020-3800
- Insecure library loading (DLL hijacking): CVE-2020-3803
Adobe recommends that all users update the software to the latest versions. The vulnerabilities affect Acrobat Reader DC, Acrobat Reader 2017, Acrobat 2017, Acrobat DC, Acrobat 2015, and Acrobat Reader 2015.
Update these products to the latest versions, as all of the affected software is marked as important and critical and carries a priority score of 2.
How to update?
Users can go to the Help section of the software and click the "Check for Updates" button.
If an update is available for the software, a prompt will pop up saying that an update is available.
IT administrators can go to the FTP site and download the latest versions of the software.