![]() “Based on previous experience, we do not anticipate exploits are imminent. “There are currently no known exploits,” according to Adobe. The flaws have a “priority 2” rating, which according to Adobe resolves vulnerabilities “in a product that has historically been at elevated risk.” Users can update to Acrobat DC and Acrobat Reader DC Continuous version 2020.013.20064 Acrobat and Acrobat Reader Classic 2020 version 2020.001.30010 and Acrobat and Acrobat Reader Classic 2017 version 2017.011.30180. Other important severity flaws include two improper input-validation issues, with one leading to arbitrary JavaScript execution (CVE-2020-24432) and the other enabling information disclosure (CVE-2020-24427).Īnother important-severity flaw stems from a security feature bypass that could allow for dynamic library injection (CVE-2020-24431).Īnd, moderate-severity flaws tied to four CVEs could allow for information disclosure (CVE-2020-24426, CVE-2020-24434, CVE-2020-24438) and signature-verification bypass (CVE-2020-24439).Īffected versions include Acrobat DC and Acrobat Reader DC Continuous versions 2020.012.20048 and earlier (for Windows and macOS) Acrobat and Acrobat Reader Classic 2020 versions 2020.001.30005 and earlier (for Windows and macOS) and Acrobat and Acrobat Reader Classic 2017 versions 2017.011.30175 and earlier (for Windows and macOS). These include issue- that allow for local privilege escalation, including an improper access control flaw (CVE-2020-24433), a signature-verification bypass issue (CVE-2020-24429) and a race-condition glitch (CVE-2020-24428). “The November 2020 release of Adobe Reader and Acrobat is a standard product release that includes new product features as well as fixes for bugs and security vulnerabilities.”īeyond critical-severity flaws, Adobe also patched important-severity vulnerabilities tied to six CVEs. However, “While Adobe strives to release regularly scheduled updates on update Tuesday, occasionally those regularly scheduled security updates are released on non-update Tuesday dates,” an Adobe spokesperson said. Typically Adobe releases its regularly scheduled updates on the second Tuesday of the month. The bugs are part of Adobe’s regularly scheduled patches, which overall patched critical-, important- and moderate-severity vulnerabilities tied to 14 CVEs. These critical flaws include a heap-based buffer overflow (CVE-2020-24435), out-of-bounds write glitch (CVE-2020-24436) and two use-after free flaws (CVE-2020-24430 and CVE-2020-24437). The vulnerabilities could be exploited to execute arbitrary code on affected products. Adobe has fixed critical-severity flaws tied to four CVEs in the Windows and macOS versions of its Acrobat and Reader family of application software services.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |