In a release, Adobe points out the flaws could allow bad actors to exploit the apps and create arbitrary code. The four vulnerabilities are:

A heap-based buffer overflow (CVE-2020-24435) Out-of-bounds write glitch (CVE-2020-24436) A pair of use-after free flaws (CVE-2020-24430 and CVE-2020-24437)

Adobe rolled out fixes for the flaws as part of its usual patch cycle. These occur on the second Tuesday of the month, but this time the company has sent out it monthly fixes out of schedule: “While Adobe strives to release regularly scheduled updates on update Tuesday, occasionally those regularly scheduled security updates are released on non-update Tuesday dates,” the company says. “The November 2020 release of Adobe Reader and Acrobat is a standard product release that includes new product features as well as fixes for bugs and security vulnerabilities.”

Affected Versions

In its release note, Adobe says the following Acrobat DC and Reader DC Continuous versions are affected: 2020.012.20048 and earlier on Windows and Mac, Classic 2020 versions 2020.001.20005 and earlier on Windows and Mac, and Classic 2017 versions 2017.011.30175 and earlier on Windows and Mac. “There are currently no known exploits,” the company adds. “Based on previous experience, we do not anticipate exploits are imminent. As a best practice, Adobe recommends administrators install the update soon (for example, within 30 days).” As always for Windows and Mac users, the remedy for avoiding these vulnerabilities is to update the affected products. Adobe and Microsoft are long-term partners. In 2019, Adobe said it is in collaboration with Avanade, a company shared by Microsoft and Accenture. Adobe Experience Cloud will now integrate with Microsoft Dynamics 365. In October, Microsoft announced a new partnership with Adobe and C3.ai for the launch of a Microsoft Dynamic 365 powered solution known as C3 AI CRM. According to Microsoft, the tool is the first of its kind to integrate Dynamics 365 and Adobe Cloud Experience with C3.ai solutions.

Adobe Patches Severe Flaw in Windows and Mac Versions of Reader and Acrobat - 36Adobe Patches Severe Flaw in Windows and Mac Versions of Reader and Acrobat - 69Adobe Patches Severe Flaw in Windows and Mac Versions of Reader and Acrobat - 5Adobe Patches Severe Flaw in Windows and Mac Versions of Reader and Acrobat - 25Adobe Patches Severe Flaw in Windows and Mac Versions of Reader and Acrobat - 77