Adobe Addresses 14 Flaws in their security showing yet again; Adobe is forever playing defense. Even though Adobe gamely tries to patch each new issue, the company recently released a significant patch that addresses fourteen different security flaws. Ten of the 14 security flaws addressed by Adobe is either critical or essential.
Here’s a quick overview of the 14 security flaws Adobe addresses with the latest patch:
- CVE-2020-24435 – Critical – Arbitrary Code Execution
- CVE-2020-24433 – Important – Local Privilege Escalation
- CVE-2020-24432 – Important – Arbitrary JavaScript Execution
- CVE-2020-24439 – Moderate – Minimal (defense in depth) Fix
- CVE-2020-24429 – Important – Local Privilege Escalation
- CVE-2020-24427 – Important – Improper Information Disclosure
- CVE-2020-24431 – Important – Dynamic Library Injection
- CVE-2020-24436 – Critical – Arbitrary Code Execution
- CVE-2020-24426 – Moderate – Improper Information Disclosure
- CVE-2020-24434 – Moderate – Improper Information Disclosure
- CVE-2020-24428 – Important – Local Privilege Escalation
- CVE-2020-24430 – Critical – Arbitrary Code Execution
- CVE-2020-24437 – Critical – Arbitrary Code Execution
- And CVE-2020-24438 – Moderate – Improper Information Disclosure
The action taken by Adobe to address the 14 security flaws is a big, necessary patch. Even if you don’t usually make Acrobat Reader updates a priority, this should be an exception to that rule. The faster you get all copies of the software updated on your network; the safer and more secure your system will be.
Hopefully, the day will come when Adobe security can stop playing defense with their security flaws, and the pace of newly discovered security issues will begin to slow to a trickle. Until that happens, though, kudos to Adobe for their fast action with addressing their security flaws and continuing efforts to plug the security holes in their widely used Reader software.
