Update your Adobe Acrobat, Reader, and Lightroom now to the latest version for avoiding critical code execution
Back in the month of May, Adobe fixed bugs and other vulnerabilities with a total of 36 vulnerabilities in its three products. Adobe pushed a security update for the three products to fix the vulnerabilities. Out of 36 vulnerabilities, 16 were classified as ‘Critical’ as they allow code execution or the bypassing of security features. Now the company has patched another 26 vulnerabilities that allowed attackers to execute critical code.
The company has released a new version of the Adobe Acrobat, Reader, and Lightroom which fixes critical code execution. Out of 26 vulnerabilities, eleven are classified as ‘Critical’ because they allow attackers to bypass security features or perform remote code execution on vulnerable computers.
With the remote code execution technique, the threat actor can abuse your system by running critical commands and leak data. It can also install multiple spyware and other software that copies your data and leaks it immediately. To avoid this exploitation it is strongly recommended to update your Adobe software to the latest version.
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. Here are all the vulnerabilities that are patched by Adobe:
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Disclosure of Sensitive Data | Memory Leak | Important | CVE-2020-9697 |
| Security bypass | Privilege Escalation | Important | CVE-2020-9714 |
| Out-of-bounds write | Arbitrary Code Execution | Critical | CVE-2020-9693 CVE-2020-9694 |
| Security bypass | Security feature bypass | Critical | CVE-2020-9696 CVE-2020-9712 |
| Stack exhaustion | Application denial-of-service | Important | CVE-2020-9702 CVE-2020-9703 |
| Out-of-bounds read | Information disclosure | Important | CVE-2020-9723 CVE-2020-9705 CVE-2020-9706 CVE-2020-9707 CVE-2020-9710 CVE-2020-9716 CVE-2020-9717 CVE-2020-9718 CVE-2020-9719 CVE-2020-9720 CVE-2020-9721 |
| Buffer error | Arbitrary Code Execution | Critical | CVE-2020-9698 CVE-2020-9699 CVE-2020-9700 CVE-2020-9701 CVE-2020-9704 |
| Use-after-free | Arbitrary Code Execution | Critical | CVE-2020-9715 CVE-2020-9722 |
Security update available for Adobe Lightroom. Below are all the vulnerabilities that are patched by Adobe:
This type of attack is caused by the program insecurely loading a DLL when starting, which allows an attacker to load a malicious DLL instead.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| Insecure Library Loading | Privilege escalation | Important | CVE-2020-9724 |
These are all the vulnerabilities that are fixed by Adobe in its three software. For more news on tech and cybersecurity stay tuned on Android Rookies by subscribing to our newsletter from here.
