Security update available for Adobe Acrobat and Reader | APSB20-75
Bulletin ID Date Published Priority
APSB20-75 December 09, 2020 2

Summary

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address an important vulnerability. Successful exploitation could lead toinformation disclosure in the context of the current user. 

Affected Versions

Product Track Affected Versions Platform
Acrobat DC  Continuous 

2020.013.20066 and earlier versions          
Windows & macOS
Acrobat Reader DC Continuous  2020.013.20066 and earlier versions          
Windows & macOS
       
Acrobat 2020
Classic 2020           
2020.001.30010 and earlier versions
Windows & macOS
Acrobat Reader 2020
Classic 2020           
2020.001.30010 and earlier versions
Windows & macOS
       
Acrobat 2017 Classic 2017 2017.011.30180  and earlier versions          
Windows & macOS
Acrobat Reader 2017 Classic 2017 2017.011.30180  and earlier versions          
Windows & macOS

Solution

Adobe recommends users update their software installations to the latest versions by following the instructions below.    

The latest product versions are available to end users via one of the following methods:    

  • Users can update their product installations manually by choosing Help > Check for Updates.     

  • The products will update automatically, without requiring user intervention, when updates are detected.      

  • The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.     

For IT administrators (managed environments):     

  • Refer to the specific release note version for links to installers.     

  • Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and SSH.     

   

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:    

Product Track Updated Versions Platform Priority Rating Availability
Acrobat DC Continuous

2020.013.20074      

Windows and macOS 2 Release Notes     
Acrobat Reader DC Continuous 2020.013.20074   

Windows and macOS 2 Release Notes     
           
Acrobat 2020
Classic 2020           
2020.001.30018  
Windows and macOS     
2 Release Notes     
Acrobat Reader 2020
Classic 2020           
2020.001.30018  
Windows and macOS     
2 Release Notes     
           
Acrobat 2017 Classic 2017 2017.011.30188  
Windows and macOS 2 Release Notes     
Acrobat Reader 2017 Classic 2017 2017.011.30188  
Windows and macOS 2 Release Notes     

Vulnerability Details

Vulnerability Category Vulnerability Impact Severity CVE Number
Improper input validation
Information Disclosure
Important 

CVE-2020-29075

Acknowledgements

Adobe would like to thank Gareth Heyes from Portswigger for reporting the relevant issues and for working with Adobe to help protect our customers.