Adobe Critical Security Updates 15 May 2020 16 Critical Vulnerabilities Fixed

Adobe had released security updates providing fixes for 16 critical vulnerabilities in Adobe Acrobat, Reader, and Adobe DNG Software Development Kit. A total of 36 security bugs were patched in this release. The critical vulnerabilities could allow the attackers to execute arbitrary code or bypass the target machine’s security features. These flaws affect Windows and Mac OS X.

At the time of the release of these updates, none of the vulnerabilities reported were being exploited in the wild.


Adobe Acrobat and Reader:

There are 24 vulnerabilities out of which 12 are classified as “critical” as they allow arbitrary code execution and security features bypass. Remaining vulnerabilities that could be exploited to disclose sensitive information are classified as ‘Important‘.

  • Multiple vulnerabilities are discovered in Adobe Acrobat and Reader. The exploitation of these vulnerabilities could lead to arbitrary code execution, security feature bypass, and information disclosure.
  • The attacker can gain the privileges of logged on user as a result of the critical vulnerabilities like Out-of-Bounds Write, Heap Overflow, Null Pointer, Use After Free, or Stack-based Buffer Overflow.
  • For successful exploitation of the vulnerabilities, an attacker needs to be logged into the system with the least privileges. The impact of the attack depends on the logged-on user rights since the same privileges will be used to perform various actions like installing a program, view, or delete information in the system.

Adobe DNG Software Development Kit(SDK):

Adobe DNG SDK provides support for reading and writing Digital Negative Raw files. It also supports converting DNG data into a format easily displayed or processed by imaging applications. There are 12 vulnerabilities that were fixed in Adobe DNG Software Development Kit(SDK) out of which 4 are classified as “critical” as they allow arbitrary code execution, with the rest being classified as ‘Important‘ that could be exploited to disclose sensitive information.

  • The exploitation of these vulnerabilities can lead to remote code execution and information disclosure.
  • Successful exploitation of Heap Overflow and Out-of-Bounds Read vulnerabilities could allow an attacker to execute arbitrary code and disclose sensitive information under the context of the logged-in user.
  • For successful exploitation of the vulnerabilities, an attacker needs to be logged into the system with the least privileges and perform various actions like installing a program, view, or delete information in the system.

We strongly recommend users of Adobe products to install the security updates as soon as possible.


Adobe Security Bulletin Summary for May 2020:

Product: Adobe Acrobat and Reader
CVE’s/Advisory : CVE-2020-9592CVE-2020-9615
Severity: Critical
Impact: Arbitrary Code Execution, Information Disclosure, Security Feature Bypass, Denial of Service


Product: Adobe DNG Software Development Kit (SDK)
CVE’s/Advisory : CVE-2020-9589, CVE-2020-9590 , CVE-2020-9620CVE-2020-9629
Severity: Critical
Impact: Arbitrary Code Execution, Information Disclosure


SanerNow detects this vulnerability and automatically fixes it by applying security updates. Download SanerNow and keep your systems updated and secure.


Subscribe For Latest Updates

Get the latest research, best practices, industry trends and cybersecurity blogs from SecPod security experts

Invalid email address
We promise not to spam you. You can unsubscribe at any time.
Summary
Author
Publisher Name
SecPod Technologies
Publisher Logo

Leave a Reply

Your email address will not be published. Required fields are marked *