Security News > 2020 > August > Critical Adobe Acrobat and Reader Bugs Allow RCE
Adobe has plugged 11 critical security holes in Acrobat and Reader, which if exploited could allow attackers to remotely execute code or sidestep security features in the app.
As part of its regularly scheduled security updates, Tuesday, Adobe fixed critical- and important-severity flaws tied to 26 CVEs - all stemming from its popular Acrobat and Reader document-management application - as well as one important-severity CVE in Adobe Lightroom, which is its image manipulation software.
One of the more severe critical flaws addressed, a use-after-free glitch, could allow remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. "The specific flaw exists within the handling of ESObject data objects," Dustin Childs, communications manager for Trend Micro's Zero Day Initiative, told Threatpost.
Beyond the critical-severity flaws, Adobe also issued fixes for 15 important-rated vulnerabilities in Acrobat and Reader.
Later in the month, Adobe released a slew of unscheduled patches for critical vulnerabilities - including several critical flaws tied to its popular Photoshop photo-editing software, which allowed adversaries to execute arbitrary code on targeted Windows devices.
News URL
https://threatpost.com/critical-adobe-acrobat-reader-bugs-rce/158261/
Related news
- From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware (source)
- Fortinet warns of critical RCE bug in endpoint management software (source)
- Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (source)
- Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (source)
- Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks (source)