Adobe has urged users to upgrade their systems with a series of out-of-band updates for PDF services Reader and Acrobat, which deliver fixes for a selection of serious security vulnerabilities.
The updates address fourteen security issues in all: three have been classified as “critical” by the Common Vulnerability Scoring System (CVSS), six are regarded as “important” and the remainder are said to pose a “moderate” threat.
The release covers a number of different product iterations: Adobe Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat 2017 and Acrobat Reader for macOS and Windows.
To shield against potential security threats, users of both Adobe Reader and Acrobat are advised to update to the latest versions immediately.
Adobe risk
According to a notice published by Adobe, the three most severe vulnerabilities could allow an attacker to perform remote code execution on the target device.
In simple terms, this means a hacker could exploit the bugs to run code that lets them seize control of the affected system. Once inside, attackers also often attempt to elevate their privileges to administrator level, giving them unqualified access to files, settings and more.
In many cases, the necessary Adobe Reader and Acrobat updates will be installed automatically once detected, but the firm has advised users to check for updates manually via the Help menu to expedite the process.
Traditionally, Adobe delivers updates and security fixes on a regular monthly basis, observing the Patch Tuesday tradition followed by a number of its technology sector peers. Releasing a security update outside this regular pattern, then, usually signals an urgent problem.
However, asked about the reason behind the divergence from schedule, a company spokesperson gave little away.
“While Adobe strives to release regularly scheduled updates on Update/Patch Tuesday, occasionally those regularly scheduled security updates are released on non-Update/Patch Tuesday dates,” they said.
“The November 2020 release of Adobe Reader and Acrobat is a standard product release that includes new product features as well as fixes for bugs and security vulnerabilities.”
Via The Register