Critical Adobe Acrobat and Reader Bugs Allow RCE
Adobe has plugged 11 critical security holes in Acrobat and Reader, which, if exploited, could allow attackers to remotely execute code or sidestep security features in the app.
As part of its regularly scheduled security updates on Tuesday, Adobe fixed critical- and important-severity flaws tied to 26 CVEs, all stemming from its popular Acrobat and Reader document-management application, as well as one important-severity CVE in Adobe Lightroom, its image manipulation software.
One of the more severe critical flaws addressed, a use-after-free glitch, could allow remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. "The specific flaw exists within the handling of ESObject data objects," Dustin Childs, communications manager for Trend Micro's Zero Day Initiative, told Threatpost.
Beyond the critical-severity flaws, Adobe also issued fixes for 15 important-rated vulnerabilities in Acrobat and Reader.
Later in the month, Adobe released a slew of unscheduled patches for critical vulnerabilities - including several critical flaws tied to its popular Photoshop photo-editing software, which allowed adversaries to execute arbitrary code on targeted Windows devices.
News URL
https://threatpost.com/critical-adobe-acrobat-reader-bugs-rce/158261/