HomeTech

Was that November’s Patch Tuesday? Already? Oh, no, it’s just Adobe issuing 14 emergency security fixes • The Register

Was that November’s Patch Tuesday? Already? Oh, no, it’s just Adobe issuing 14 emergency security fixes • The Register
Like Tweet Pin it Share Email

Adobe released updated versions of its Acrobat and Reader software on Tuesday that fix fourteen vulnerabilities, four of which are considered critical. These updates should be installed as soon as possible to close the safety holes.

The safety bulletin (APSB20-67) applies to DC Acrobat, DC Acrobat Reader, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017, and Acrobat Reader 2017 for macOS and Windows.

The checkbox corresponds to fourteen CVEs :

Vulnerability category Effects of vulnerability Severity CVE number
Hope-based buffer overflow Running any code Critical situation CVE-2020-24435
Incorrect access control Escalation of local privileges Important place CVE-2020-24433
Incorrect input check Random JavaScript execution Important place CVE-2020-24432
Circumventing signature verification Minimum (definition of depth of protection) Moderate CVE-2020-24439
Circumventing signature verification Escalation of local privileges Important place CVE-2020-24429
Incorrect input check provision of information Important place CVE-2020-24427
Bypassing the safety function Dynamic library injection Important place CVE-2020-24431
outgoing mail Running any code Critical situation CVE-2020-24436
late measurement provision of information Moderate CVE-2020-24426

CVE-2020-24434

Condition of the race Escalation of local privileges Important place CVE-2020-24428
Free Running any code Critical situation CVE-2020-24430

CVE-2020-24437

Free provision of information Moderate CVE-2020-24438

None of the VECs identified so far have been named by the CERT/CC vulnonym bot, which intrigues us. At the time of publication of this article, the latest version of the CVE, called IBM App Connect Enterprise Certified Container Click Hijacking Bug (CVE-2020-4785). (The mouflon, in case you’re wondering, is a wild sheep associated with the islands of Corsica and Sardinia).

Assortment of patches

Oracle fixes a serious bug in WebLogic Server that could be used without entering a username and password

LEARN MORE

Four critical vulnerabilities could allow the random execution of code in the context of the current user if they are successfully exploited, Adobe said in its newsletter. This is certainly not desirable from a security point of view, so anyone using the relevant Adobe software would do well to update it immediately.

Vulnerabilities that are considered significant and moderate should not be considered problematic. Among other things, they may allow privilege escalation, random JavaScript execution, and disclosure of information.

Read Also: 14 Best Document Management Software of 2020

Adobe usually issues patches on Tuesdays, a day observed by many technology companies, which falls on the second Tuesday of each month. When Register asked Adobe why it chose to release an out-of-band patch on the first Tuesday of the month, a company spokesperson replied that it sometimes happens, but gave no explanation.

While Adobe tends to release regularly scheduled updates for Tuesday’s update/patch, these regularly scheduled security updates are sometimes released on dates unrelated to Tuesday’s update/patch, the spokesperson said.

The standard version of Adobe Reader and Acrobat from November 2020 contains new features, bug fixes, and security fixes. ®