- Aug 17, 2014
Adobe has fixed critical-severity flaws tied to four CVEs in the Windows and macOS versions of its Acrobat and Reader family of application software services. The vulnerabilities could be exploited to execute arbitrary code on affected products.
These critical flaws include a heap-based buffer overflow (CVE-2020-24435), out-of-bounds write glitch (CVE-2020-24436) and two use-after free flaws (CVE-2020-24430 and CVE-2020-24437). The bugs are part of Adobe’s regularly scheduled patches, which overall patched critical-, important- and moderate-severity vulnerabilities tied to 14 CVEs.
Typically Adobe releases its regularly scheduled updates on the second Tuesday of the month. However, “While Adobe strives to release regularly scheduled updates on update Tuesday, occasionally those regularly scheduled security updates are released on non-update Tuesday dates,” an Adobe spokesperson said. “The November 2020 release of Adobe Reader and Acrobat is a standard product release that includes new product features as well as fixes for bugs and security vulnerabilities.”
The critical-severity Adobe Acrobat and Reader vulnerabilities could enable arbitrary code execution and are part of a 14-CVE patch update.