Adobe warns Windows, macOS — Critical Acrobat and Reader vulnerabilities

silversurfer

Level 73
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
6,230
Adobe has fixed critical-severity flaws tied to four CVEs in the Windows and macOS versions of its Acrobat and Reader family of application software services. The vulnerabilities could be exploited to execute arbitrary code on affected products.

These critical flaws include a heap-based buffer overflow (CVE-2020-24435), out-of-bounds write glitch (CVE-2020-24436) and two use-after free flaws (CVE-2020-24430 and CVE-2020-24437). The bugs are part of Adobe’s regularly scheduled patches, which overall patched critical-, important- and moderate-severity vulnerabilities tied to 14 CVEs.

Typically Adobe releases its regularly scheduled updates on the second Tuesday of the month. However, “While Adobe strives to release regularly scheduled updates on update Tuesday, occasionally those regularly scheduled security updates are released on non-update Tuesday dates,” an Adobe spokesperson said. “The November 2020 release of Adobe Reader and Acrobat is a standard product release that includes new product features as well as fixes for bugs and security vulnerabilities.”
 

Correlate

Level 16
Verified
May 4, 2019
722
Adobe, the maker of the once-ubiquitous Flash Player, has removed all Flash components in the latest release of its Reader and Acrobat PDF products ahead of Flash's official death in December 2020.
The company's update also contains patches for several critical security flaws that should make the November release imperative for admins to install.
 
Top