Security update available for Adobe Acrobat and Reader | APSB20-05

Bulletin ID | Date Published | Priority |
---|---|---|
APSB20-05 | February 11, 2020 | 2 |
Summary
Affected Versions
Product | Track | Affected Versions | Platform |
---|---|---|---|
Acrobat DC | Continuous | 2019.021.20061 and earlier versions | Windows & macOS |
Acrobat Reader DC | Continuous | 2019.021.20061 and earlier versions | Windows & macOS |
Acrobat 2017 | Classic 2017 | 2017.011.30156 and earlier versions | Windows |
Acrobat Reader 2017 | Classic 2017 | 2017.011.30156 and earlier versions | macOS |
Acrobat 2015 | Classic 2015 | 2015.006.30508 and earlier versions | Windows & macOS |
Acrobat Reader 2015 | Classic 2015 | 2015.006.30508 and earlier versions | Windows & macOS |
Solution
Adobe recommends users update their software installations to the latest versions by following the instructions below.
The latest product versions are available to end users via one of the following methods:
- Users can update their product installations manually by choosing Help > Check for Updates.
- The products will update automatically, without requiring user intervention, when updates are detected.
- The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.
For IT administrators (managed environments):
- Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/, or refer to the specific release note version for links to installers.
- Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and SSH.
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
Product | Track | Updated Versions | Platform | Priority Rating | Availability |
---|---|---|---|---|---|
Acrobat DC | Continuous | 2020.006.20034 | Windows and macOS | 2 | |
Acrobat Reader DC | Continuous | 2020.006.20034 | Windows and macOS | 2 | |
Acrobat 2017 | Classic 2017 | 2017.011.30158 | Windows and macOS | 2 | |
Acrobat Reader 2017 | Classic 2017 | 2017.011.30158 | Windows and macOS | 2 | |
Acrobat 2015 | Classic 2015 | 2015.006.30510 | Windows and macOS | 2 | |
Acrobat Reader 2015 | Classic 2015 | 2015.006.30510 | Windows and macOS | 2 | |
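
For managed environments, the following Python example (added here, not part of Adobe's bulletin) triages an installation inventory against the affected and updated versions listed in the tables above. The CSV column names and host names are assumptions; builds that fall between the two published bounds, or that do not parse in the bulletin's version format, are marked for manual review.

```python
import csv
import io
import re

# Per-track bounds copied from this bulletin's two version tables:
# (highest affected version, first updated version).
BOUNDS = {
    "Continuous":   ("2019.021.20061", "2020.006.20034"),
    "Classic 2017": ("2017.011.30156", "2017.011.30158"),
    "Classic 2015": ("2015.006.30508", "2015.006.30510"),
}
# Version format as printed in the bulletin: YYYY.RRR.BBBBB
VERSION_RE = re.compile(r"(\d{4})\.(\d{3})\.(\d{5})")

def parse_version(text):
    """Return (year, release, build) as ints, or None if malformed."""
    m = VERSION_RE.fullmatch(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def classify(track, version):
    """Return 'affected', 'updated', or 'review' for one installation."""
    bounds = BOUNDS.get(track.strip())
    installed = parse_version(version)
    if bounds is None or installed is None:
        return "review"      # unknown track or unparseable version string
    affected_max, fixed = (parse_version(b) for b in bounds)
    if installed <= affected_max:
        return "affected"
    if installed >= fixed:
        return "updated"
    return "review"          # build between the two published bounds

def triage(inventory_csv):
    """Map host -> status for a CSV with host,product,track,version columns."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["track"], r["version"]) for r in rows}

# Constructed sample inventory (hypothetical hosts, not from the bulletin).
SAMPLE = """host,product,track,version
ws-01,Acrobat Reader DC,Continuous,2019.021.20061
ws-02,Acrobat DC,Continuous,2020.006.20034
ws-03,Acrobat 2017,Classic 2017,2017.011.30157
mac-04,Acrobat Reader 2015,Classic 2015,2015.006.30499
ws-05,Acrobat Reader DC,Continuous,19.21.20061
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```
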
Vulnerability Details
Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
---|---|---|---|
Out-of-Bounds Read | Information Disclosure | Important | CVE-2020-3744, CVE-2020-3747, CVE-2020-3755 |
Heap Overflow | Arbitrary Code Execution | Critical | CVE-2020-3742 |
Buffer Error | Arbitrary Code Execution | Critical | CVE-2020-3752, CVE-2020-3754 |
Use After Free | Arbitrary Code Execution | Critical | CVE-2020-3743, CVE-2020-3745, CVE-2020-3746, CVE-2020-3748, CVE-2020-3749, CVE-2020-3750, CVE-2020-3751 |
Stack exhaustion | Memory Leak | Moderate | CVE-2020-3753, CVE-2020-3756 |
Privilege Escalation | Arbitrary file system write | Critical | CVE-2020-3762, CVE-2020-3763 |
Acknowledgements
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
- Zhiyuan Wang and willJ from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. (CVE-2020-3747)
- Ke Liu of Tencent Security Xuanwu Lab (CVE-2020-3755)
- Xinyu Wan, Yiwei Zhang and Wei You from Renmin University of China (CVE-2020-3743, CVE-2020-3745, CVE-2020-3746, CVE-2020-3749, CVE-2020-3750, CVE-2020-3752, CVE-2020-3754)
- Xu Peng and Su Purui from TCA/SKLCS Institute of Software Chinese Academy of Sciences working with Trend Micro Zero Day Initiative (CVE-2020-3748)
- Aleksandar Nikolic of Cisco Talos (CVE-2020-3744)
- StackLeader @0x140ce @Jdddong @ppdonow (CVE-2020-3742)
- Haiku Xie of Baidu Security Lab (CVE-2020-3756, CVE-2020-3753)
- Sooraj K S (@soorajks) of McAfee (CVE-2020-3751)
- Csaba Fitzl (@theevilbit) working with iDefense Labs (CVE-2020-3762, CVE-2020-3763)