Adobe has released security updates for Adobe Acrobat and Adobe Reader that fix numerous vulnerabilities ranging from information disclosure to arbitrary code execution. Of these 13 vulnerabilities, 4 are rated ‘Important’ because they lead to information disclosure or privilege escalation, while the other 9 are rated ‘Critical’ because an attacker could exploit them, through malicious PDFs or other malicious actions, to execute commands on the affected computer.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Out-of-bounds read | Information Disclosure | Important | CVE-2020-3804, CVE-2020-3806 |
| Out-of-bounds write | Arbitrary Code Execution | Critical | CVE-2020-3795 |
| Stack-based buffer overflow | Arbitrary Code Execution | Critical | CVE-2020-3799 |
| Use-after-free | Arbitrary Code Execution | Critical | CVE-2020-3792, CVE-2020-3793, CVE-2020-3801, CVE-2020-3802, CVE-2020-3805 |
| Memory address leak | Information Disclosure | Important | CVE-2020-3800 |
| Buffer overflow | Arbitrary Code Execution | Critical | CVE-2020-3807 |
| Memory corruption | Arbitrary Code Execution | Critical | CVE-2020-3797 |
| Insecure library loading (DLL hijacking) | Privilege Escalation | Important | CVE-2020-3803 |
Adobe recommends users upgrade to the latest versions of Acrobat DC, Acrobat Reader DC, Acrobat 2017, Acrobat Reader 2017, Acrobat 2015, and Acrobat Reader 2015.
Update affected products for Windows and macOS to:
Updates are installed automatically. If not, users can manually update their product installations by choosing Help > Check for Updates.