Critical Adobe Acrobat and Reader Bugs Allow RCE (Security News, August 2020)
Adobe has plugged 11 critical security holes in Acrobat and Reader, which, if exploited, could allow attackers to remotely execute code or sidestep security features in the app.
As part of its regularly scheduled security updates on Tuesday, Adobe fixed critical- and important-severity flaws tied to 26 CVEs, all stemming from its popular Acrobat and Reader document-management application, as well as one important-severity CVE in Adobe Lightroom, its image manipulation software.
One of the more severe critical flaws addressed, a use-after-free glitch, could allow remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. "The specific flaw exists within the handling of ESObject data objects," Dustin Childs, communications manager for Trend Micro's Zero Day Initiative, told Threatpost.
Beyond the critical-severity flaws, Adobe also issued fixes for 15 important-rated vulnerabilities in Acrobat and Reader.
Later in the month, Adobe released a slew of unscheduled patches for critical vulnerabilities - including several critical flaws tied to its popular Photoshop photo-editing software, which allowed adversaries to execute arbitrary code on targeted Windows devices.
News URL
https://threatpost.com/critical-adobe-acrobat-reader-bugs-rce/158261/