Critical Vulnerabilities in Adobe Acrobat, Reader and DNG Software Development Kit

Published on 14 May 2020

Updated on 14 May 2020

Adobe has released security updates addressing critical and important vulnerabilities in Adobe Acrobat, Reader and DNG Software Development Kit (SDK), out of which 16 are rated as critical.

These updates resolve vulnerabilities such as Heap Overflow, Race Condition, Out-of-bounds write, Buffer error and Use-after-free. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code on the underlying operating system.

Affected products include

  • Acrobat DC Continuous and Reader DC Continuous (2020.006.20042 and earlier versions) in Windows and macOS
  • Acrobat Classic 2017 and Acrobat Reader Classic 2017 (2017.011.30166 and earlier versions) in Windows and macOS
  • Acrobat Classic 2015 and Acrobat Reader Classic 2015 (2015.006.30518 and earlier versions) in Windows and macOS
  • Adobe DNG Software Development Kit (1.5 and earlier versions) in Windows

Administrators and users of affected products are advised to update to the latest versions immediately.

More information is available at:

https://helpx.adobe.com/security/products/acrobat/apsb20-24.html

https://helpx.adobe.com/security/products/dng-sdk/apsb20-26.html