Vulnerabilities fixed by Adobe in Acrobat, Reader, and DNG SDK in the latest Update
The Software company Adobe fixed a total of 36 vulnerabilities in its three products. Adobe pushed a security update for three products to fix the vulnerabilities. Out of 36 vulnerabilities, 16 are classified as ‘Critical’ as they allow code execution or the bypassing of security features.
Adobe Acrobat is a family of application software and Web services developed by Adobe Inc. to view, create, manipulate, print, and manage files in Portable Document Format.
The Adobe DNG SDK provides support for reading and writing DNG files as well as support for converting DNG data into a format easily displayed or processed by imaging applications. This SDK can serve as a starting point for adding DNG support to existing applications that use and manipulate images or as an aid to adding DNG support within cameras.
However, we strongly recommend you to update the products to the latest version as soon as possible.
Adobe has released security updates for Acrobat and Reader that resolve a total of twenty-four vulnerabilities.
Out of these 24 vulnerabilities, 12 are critical which can bypass security, and others are DOS(Denial of Service) which are marked important.
List of vulnerabilities is given below:
|Vulnerability Category||Vulnerability Impact||Severity||CVE Number|
|Null Pointer||Application denial-of-service||Important||CVE-2020-9610|
|Heap Overflow||Arbitrary Code Execution||Critical||CVE-2020-9612|
|Race Condition||Security feature bypass||Critical||CVE-2020-9615|
|Out-of-bounds write||Arbitrary Code Execution||Critical||CVE-2020-9597|
|Security bypass||Security feature bypass||Critical||CVE-2020-9614|
|Stack exhaustion||Application denial-of-service||Important||CVE-2020-9611|
|Out-of-bounds read||Information disclosure||Important||CVE-2020-9609|
|Buffer error||Arbitrary Code Execution||Critical||CVE-2020-9605|
|Use-after-free||Arbitrary Code Execution||Critical||CVE-2020-9607|
|Invalid memory access||Information disclosure||Important||CVE-2020-9598|
[Source: Bleeping Computer]
The Adobe DNG Software Development Kit has 12 vulnerabilities. Out of 12 vulnerabilities, 4 of them are critical as they can bypass security, and others are classified as ‘Important’.
|Vulnerability Category||Vulnerability Impact||Severity||CVE Numbers|
|Heap Overflow||Arbitrary Code Execution||Critical||CVE-2020-9589|
|Out-of-Bounds Read||Information Disclosure||Important||CVE-2020-9622|
However, it is highly recommended to update your Adobe Acrobat, Reader, and DNG SDK.
[Soruce: Bleeping Computer]