Eleven of the issues addressed are rated as “Critical” given that they allow an attacker to bypass security features on your PC or perform remote code execution.
Of these, twenty-five of the issues addressed are in Acrobat Reader and one is in Lightroom.
Here’s a quick overview of the Reader issues that can now be resolved:
- CVE-2020-9697 – Memory leak that could disclose sensitive data
- CVE-2020-9714 – Privilege escalation and security bypass
- CVE-2020-9693 & CVE-2020-9694 – Arbitrary code execution, out of bounds write
- CVE-2020-9702 & CVE-2020-9703 – App DOS and stack exhaustion
- CVE-2020-9696 & CVE-20209712 – Security bypasses
- CVE-2020-9723, along with:
- CVE-2020-9721 – Information disclosures and out of bounds reads
- CVE-2020-9698, as well as:
- & CVE-2020-9704 – Which are arbitrary code execution issues that exploit buffer errors
- CVE-2020-9715 & CVE-2020-9722 – Arbitrary code execution errors that exploit use after free issues
On the Lightroom front, the issue being addressed by the most recent patch is tracked as CVE-2020-9724, which is a privacy escalation issue taking advantage of an insecure library load.
In any case, even if you’re prone to letting updates go for some time before you download and install them, the latest by Adobe is well worth making a priority. To be sure you’re installing the very latest, grab version 9.3 of Lightroom or the APSB20-51 security update, and for Acrobat Reader, you want the APSB20-48 security update.
Kudos to Adobe for tackling so many thorny issues with these latest patches. Download and install them today.