Adobe has urged users to upgrades their systems with a series of out-of-band updates for PDF (opens in new tab) services Reader and Acrobat (opens in new tab), which deliver fixes for a selection of serious security vulnerabilities.
The updates address fourteen security issues in all, three of which have been classified as “critical” by the Common Vulnerability Scoring System (CVSS), six are regarded as “important” and the remainder are said to pose a “moderate” threat.
The release covers a number of different product iterations: Adobe Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat 2017 and Acrobat Reader for macOS and Windows.
- We've built a list of the best antivirus (opens in new tab) services around
- Check out our list of the best laptops for photo editing (opens in new tab) right now
- Here's our list of the best malware removal (opens in new tab) software out there
To shield against potential security threats, users of both Adobe Reader and Acrobat are advised to update to the latest versions immediately.
Adobe risk
According to a notice (opens in new tab) published by Adobe, the three most severe vulnerabilities could allow an attacker to perform remote code execution on the target device.
In simple terms, this means a hacker could exploit the bugs to run code that lets them seize control of the affected system. Once inside, attackers also often attempt to elevate their privileges to administrator level, giving them unqualified access to files, settings and more.
In many cases, the necessary Adobe Reader and Acrobat updates will be installed automatically once detected, but the firm has advised users to check for updates manually via the Help menu to expedite the process.
Traditionally, Adobe delivers updates and security fixes on a regular monthly basis, observing the Patch Tuesday tradition followed by a number of its technology sector peers. Releasing a security update outside this regular pattern, then, usually signals an urgent problem.
However, asked about the reason behind the divergence from schedule, a company spokesperson gave little away.
“While Adobe strives to release regularly scheduled updates on Update/Patch Tuesday, occasionally those regularly scheduled security updates are released on non-Update/Patch Tuesday dates,” they said.
“The November 2020 release of Adobe Reader and Acrobat is a standard product release that includes new product features as well as fixes for bugs and security vulnerabilities.”
- Here's our list of the best cloud storage for photos (opens in new tab)
Via The Register (opens in new tab)
