Security News > 2020 > August > Critical Adobe Acrobat and Reader Bugs Allow RCE
Adobe has plugged 11 critical security holes in Acrobat and Reader that, if exploited, could allow attackers to remotely execute code or sidestep security features in the app.
On Tuesday, as part of its regularly scheduled security updates, Adobe fixed critical- and important-severity flaws tied to 26 CVEs, all stemming from its popular Acrobat and Reader document-management application, as well as one important-severity CVE in Adobe Lightroom, its image manipulation software.
One of the more severe critical flaws addressed, a use-after-free glitch, could allow remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. "The specific flaw exists within the handling of ESObject data objects," Dustin Childs, communications manager for Trend Micro's Zero Day Initiative, told Threatpost.
Beyond the critical-severity flaws, Adobe also issued fixes for 15 important-rated vulnerabilities in Acrobat and Reader.
Later in the month, Adobe released a slew of unscheduled patches for critical vulnerabilities - including several critical flaws tied to its popular Photoshop photo-editing software, which allowed adversaries to execute arbitrary code on targeted Windows devices.
News URL
https://threatpost.com/critical-adobe-acrobat-reader-bugs-rce/158261/