Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader, as well as Adobe DNG Software Development Kit (SDK). Successful exploitation could lead to arbitrary code execution or information disclosure.
The Adobe Acrobat and Reader for Windows and macOS security updates (APSB20-24) address 24 vulnerabilities, 12 rated Critical.
Also, Adobe confirmed exploitation of these issues could lead to arbitrary code execution under the context of the logged in user.
A summary of the Critical Acrobat and Reader fixed vulnerabilities include:
- Arbitrary Code Execution (CVE-2020-9612, CVE-2020-9594, CVE-2020-9597, CVE-2020-9604, CVE-2020-9605, CVE-2020-9606, and CVE-2020-9607).
- Security feature bypass (CVE-2020-9615, CVE-2020-9614, CVE-2020-9613, CVE-2020-9596, and CVE-2020-9592).
Adobe also released a security update (APSB20-26) for the Adobe DNG Software Development Kit (SDK) for Windows and macOS.
Adobe DNG SDK provides support for reading and writing DNG files and also supports converting DNG data into a format easily displayed or processed by imaging applications.
This update addresses four critical Heap Overflow and eight important Out-of-Bounds Read vulnerabilities that could lead to Remote Code Execution and Information Disclosure, respectively.
The fixed Critical DNG SDK vulnerabilities include: CVE-2020-9589, CVE-2020-9590, CVE-2020-9620 and CVE-2020-9621.