Adobe Critical Security Updates May 2020

Adobe had released security updates providing fixes for 16 critical vulnerabilities in Adobe Acrobat, Reader, and Adobe DNG Software Development Kit. A total of 36 security bugs were patched in this release. The critical vulnerabilities could allow the attackers to execute arbitrary code or bypass the target machine’s security features. These flaws affect Windows and Mac OS X.

At the time of the release of these updates, none of the vulnerabilities reported were being exploited in the wild.

There are 24 vulnerabilities out of which 12 are classified as “critical” as they allow arbitrary code execution and security features bypass. Remaining vulnerabilities that could be exploited to disclose sensitive information are classified as ‘Important‘.

• Multiple vulnerabilities are discovered in Adobe Acrobat and Reader. The exploitation of these vulnerabilities could lead to arbitrary code execution, security feature bypass, and information disclosure.
• The attacker can gain the privileges of logged on user as a result of the critical vulnerabilities like Out-of-Bounds Write, Heap Overflow, Null Pointer, Use After Free, or Stack-based Buffer Overflow.
• For successful exploitation of the vulnerabilities, an attacker needs to be logged into the system with the least privileges. The impact of the attack depends on the logged-on user rights since the same privileges will be used to perform various actions like installing a program, view, or delete information in the system.

Adobe DNG SDK provides support for reading and writing Digital Negative Raw files. It also supports converting DNG data into a format easily displayed or processed by imaging applications. There are 12 vulnerabilities that were fixed in Adobe DNG Software Development Kit(SDK) out of which 4 are classified as “critical” as they allow arbitrary code execution, with the rest being classified as ‘Important‘ that could be exploited to disclose sensitive information.

• The exploitation of these vulnerabilities can lead to remote code execution and information disclosure.
• Successful exploitation of Heap Overflow and Out-of-Bounds Read vulnerabilities could allow an attacker to execute arbitrary code and disclose sensitive information under the context of the logged-in user.
• For successful exploitation of the vulnerabilities, an attacker needs to be logged into the system with the least privileges and perform various actions like installing a program, view, or delete information in the system.

We strongly recommend users of Adobe products to install the security updates as soon as possible.

Product: Adobe Acrobat and ReaderCVE’s/Advisory : CVE-2020-9592 – CVE-2020-9615Severity: CriticalImpact: Arbitrary Code Execution, Information Disclosure, Security Feature Bypass, Denial of Service

Product: Adobe DNG Software Development Kit (SDK)CVE’s/Advisory : CVE-2020-9589, CVE-2020-9590 , CVE-2020-9620 – CVE-2020-9629Severity: CriticalImpact: Arbitrary Code Execution, Information Disclosure

SanerNow detects this vulnerability and automatically fixes it by applying security updates. Download SanerNow and keep your systems updated and secure.