A lot of people have a complicated relationship with Adobe Acrobat Reader.
On the one hand, it’s an undeniably useful piece of software and one of the most widely installed and used on the planet.
There’s simply no better and more convenient way to view PDFs, no matter what kind of device you’re using.
On the other hand, Acrobat Reader is notoriously riddled with bugs and security flaws, and Adobe is forever playing defense, gamely trying to patch each new issue as it is discovered. Recently, the company released a major patch that addresses a total of fourteen security flaws, ten of which are rated either critical or important.
Here’s a quick overview of the flaws that are addressed by the latest patch:
- CVE-2020-24435 – Critical – Arbitrary Code Execution
- CVE-2020-24433 – Important – Local Privilege Escalation
- CVE-2020-24432 – Important – Arbitrary JavaScript Execution
- CVE-2020-24439 – Moderate – Minimal (defense in depth) Fix
- CVE-2020-24429 – Important – Local Privilege Escalation
- CVE-2020-24427 – Important – Improper Information Disclosure
- CVE-2020-24431 – Important – Dynamic Library Injection
- CVE-2020-24436 – Critical – Arbitrary Code Execution
- CVE-2020-24426 – Moderate – Improper Information Disclosure
- CVE-2020-24434 – Moderate – Improper Information Disclosure
- CVE-2020-24428 – Important – Local Privilege Escalation
- CVE-2020-24430 – Critical – Arbitrary Code Execution
- CVE-2020-24437 – Critical – Arbitrary Code Execution
- CVE-2020-24438 – Moderate – Improper Information Disclosure
Needless to say, this is a big, important patch. Even if you don’t normally make Acrobat Reader updates a priority, this should be an exception to that rule. The faster you get all copies of the software updated on your network, the safer and more secure your system will be.
Hopefully, the day will come when Adobe can stop playing defense and the pace of newly discovered security issues slows to a trickle. Until that happens, though, kudos to Adobe for their fast action and continued efforts to plug the security holes in their widely used Reader software.