Description:
Patches have been released for Adobe Reader and Acrobat to address multiple vulnerabilities. A remote attacker could entice a targeted user to open a specially crafted PDF file to exploit the vulnerabilities.
Reports indicate that the proof-of-concept (PoC) for the remote code execution vulnerability (CVE-2024-41869) in Adobe Reader and Acrobat is publicly available. System administrators and users are advised to take immediate action to patch their affected systems to mitigate the elevated risk of cyber attacks.
Affected Systems:
- Acrobat DC (for Windows) Continuous 24.003.20054 and earlier versions
- Acrobat DC (for macOS) Continuous 24.002.21005 and earlier versions
- Acrobat Reader DC (for Windows) Continuous 24.003.20054 and earlier versions
- Acrobat Reader DC (for macOS) Continuous 24.002.21005 and earlier versions
- Acrobat 2024 (for Windows and macOS) Classic 2024 24.001.30159 and earlier versions
- Acrobat 2020 (for Windows and macOS) Classic 2020 20.005.30655 and earlier versions
- Acrobat Reader 2020 (for Windows and macOS) Classic 2020 20.005.30655 and earlier versions
Impact:
Successful exploitation of the vulnerabilities could lead to arbitrary code execution on an affected system.
Recommendation:
Users of affected systems should update Adobe Reader and Acrobat to the following versions to address the issues. The updates can be obtained through the auto-update mechanism or downloaded from the following URLs:
- Acrobat DC (for Windows and macOS) Continuous 24.003.20112
https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/index.html#continuous-track
- Acrobat Reader DC (for Windows and macOS) Continuous 24.003.20112
https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/index.html#continuous-track
- Acrobat 2024 (for Windows and macOS) Classic 2024 24.001.30187
https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/index.html#acrobat-classic-track
- Acrobat 2020 (for Windows and macOS) Classic 2020 20.005.30680
https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/index.html#classic-track
- Acrobat Reader 2020 (for Windows and macOS) Classic 2020 20.005.30680
https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/index.html#classic-track
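To find hosts that still need the update, the installed versions in a software inventory can be compared against the affected and fixed versions listed above. The script below is an added example, not part of the advisory or any Adobe tooling; the track labels (`continuous`, `classic2024`, `classic2020`), the `host,track,platform,version` line format and the sample inventory are assumptions made for illustration.

```python
import re

# Versions copied from the advisory; the track labels are this example's own.
AFFECTED_MAX = {  # highest affected version per (track, platform)
    ("continuous", "windows"): "24.003.20054",
    ("continuous", "macos"): "24.002.21005",
    ("classic2024", "windows"): "24.001.30159",
    ("classic2024", "macos"): "24.001.30159",
    ("classic2020", "windows"): "20.005.30655",
    ("classic2020", "macos"): "20.005.30655",
}
FIXED = {"continuous": "24.003.20112", "classic2024": "24.001.30187",
         "classic2020": "20.005.30680"}

def parse_version(text):
    """Turn 'NN.NNN.NNNNN' into a tuple of ints; None if malformed."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def classify(track, platform, version):
    """Return 'fixed', 'affected', 'below-fixed' or 'unknown'."""
    key = (track.lower(), platform.lower())
    installed = parse_version(version)
    if key not in AFFECTED_MAX or installed is None:
        return "unknown"  # unlisted track/platform or unparseable version
    if installed >= parse_version(FIXED[key[0]]):
        return "fixed"
    if installed <= parse_version(AFFECTED_MAX[key]):
        return "affected"
    return "below-fixed"  # newer than the listed affected build, still unpatched

def audit(rows):
    """rows: 'host,track,platform,version' lines -> {host: status}."""
    result = {}
    for line in rows:
        parts = [field.strip() for field in line.split(",")]
        if len(parts) == 4:  # ignore blank or malformed lines
            host, track, platform, version = parts
            result[host] = classify(track, platform, version)
    return result

# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE = [
    "ws-01,continuous,windows,24.003.20054", "ws-02,continuous,windows,24.003.20112",
    "mac-01,continuous,macos,24.002.21005", "mac-02,continuous,macos,24.003.20054",
    "ws-03,classic2020,windows,20.005.30680", "ws-04,classic2024,windows,24.001.3015x",
]
if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `affected`, `below-fixed` or `unknown` should be updated or checked manually; only `fixed` means the installed build is at or above the version listed in this recommendation.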
More Information:
- https://helpx.adobe.com/security/products/acrobat/apsb24-70.html
- https://www.hkcert.org/security-bulletin/adobe-monthly-security-update-september-2024
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41869
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45112