Adobe addresses critical issues in Acrobat, Reader, and DNG SDK

Adobe has released security updates to address 36 vulnerabilities in Adobe Acrobat, Reader, and Adobe DNG Software Development Kit.

Adobe has released security updates for Adobe Acrobat, Reader, and Adobe DNG Software Development Kit that address thirty-six security vulnerabilities in Adobe Acrobat, Reader, and Adobe DNG Software Development Kit.

Sixteen vulnerabilities addressed by Adobe have been rated as ‘Critical’ and could be exploited by attackers to execute arbitrary code or to bypass.

“Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.” reads the Security Update for Adobe Acrobat and Reader (APSB20-24)

Adobe fixes a total of 24 vulnerabilities in Acrobat and Reader, 12 of them rated as ‘Critical’ severity. The remaining issues, rated as important severity, are denial of service or information disclosure vulnerabilities.

Vulnerability Category	Vulnerability Impact	Severity	CVE Number
Null Pointer	Application denial-of-service	Important	CVE-2020-9610
Heap Overflow	Arbitrary Code Execution	Critical	CVE-2020-9612
Race Condition	Security feature bypass	Critical	CVE-2020-9615
Out-of-bounds write	Arbitrary Code Execution	Critical	CVE-2020-9597CVE-2020-9594
Security bypass	Security feature bypass	Critical	CVE-2020-9614CVE-2020-9613CVE-2020-9596CVE-2020-9592
Stack exhaustion	Application denial-of-service	Important	CVE-2020-9611
Out-of-bounds read	Information disclosure	Important	CVE-2020-9609CVE-2020-9608CVE-2020-9603CVE-2020-9602CVE-2020-9601CVE-2020-9600CVE-2020-9599
Buffer error	Arbitrary Code Execution	Critical	CVE-2020-9605CVE-2020-9604
Use-after-free	Arbitrary Code Execution	Critical	CVE-2020-9607CVE-2020-9606
Invalid memory access	Information disclosure	Important	CVE-2020-9598CVE-2020-9595CVE-2020-9593

Adobe addressed twelve vulnerabilities in the Adobe DNG Software Development Kit for Windows and MacOS, four of them rated as ‘Critical’ severity while the remaining ones are classified as ‘Important’.

“Adobe has released an update for the Adobe DNG Software Development Kit (SDK) for Windows and macOS. This update resolves multiple critical Heap Overflow and important Out-of-Bounds Read vulnerabilities that could lead to Remote Code Execution and Information Disclosure, respectively.” reads the security update for Software Development Kit (SDK) (APSB20-26).

Vulnerability Category	Vulnerability Impact	Severity	CVE Numbers
Heap Overflow	Arbitrary Code Execution	Critical	CVE-2020-9589CVE-2020-9590 CVE-2020-9620 CVE-2020-9621
Out-of-Bounds Read	Information Disclosure	Important	CVE-2020-9622 CVE-2020-9623 CVE-2020-9624 CVE-2020-9625 CVE-2020-9626 CVE-2020-9627 CVE-2020-9628 CVE-2020-9629

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Adobe code execution, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.