Another security breach from this infamous software

A lot of people have a complicated relationship with Adobe Acrobat Reader. On the one hand, it's an undeniably useful piece of software and one of the most widely installed and used on the planet.

There's simply a no better and more convenient way to view PDFs, no matter what kind of device you're using.

On the other hand, the Acrobat Reader is notoriously riddled with bugs and security flaws, and Adobe is forever playing defense. They're gamely trying to patch each new issue as it is discovered. Recently, the company released a major patch that addresses a total of fourteen different security flaws, with ten of the fourteen being rated as either critical or important.

Here's a quick overview of the flaws that are addressed

  • CVE-2020-24435 - Critical - Arbitrary Code Execution
  • CVE-2020-24433 - Important - Local Privilege Escalation
  • CVE-2020-24432 - Important - Arbitrary JavaScript Execution
  • CVE-2020-24439 - Moderate - Minimal (defense in depth) Fix
  • CVE-2020-24429 - Important - Local Privilege Escalation
  • CVE-2020-24427 - Important - Improper Information Disclosure
  • CVE-2020-24431 - Important - Dynamic Library Injection
  • CVE-2020-24436 - Critical - Arbitrary Code Execution
  • CVE-2020-24426 - Moderate - Improper Information Disclosure
  • CVE-2020-24434 - Moderate - Improper Information Disclosure
  • CVE-2020-24428 - Important - Local Privilege Escalation
  • CVE-2020-24430 - Critical - Arbitrary Code Execution
  • CVE-2020-24437 - Critical - Arbitrary Code Execution
  • And CVE-2020-24438 - Moderate - Improper Information Disclosure

Needless to say, this is a big, important patch. Even if you don't normally make Acrobat Reader updates a priority, this should be an exception to that rule. The faster you get all copies of the software updated on your network, the safer and more secure your system will be.

NOTE: The link is to a Lifehacker article that shows you what to do to update

Our perspective

Hopefully, the day will come when Adobe can stop playing defense and the pace of newly discovered security issues will begin to slow to a trickle. Until that happens though, kudos to Adobe for their fast action and continued efforts to plug the security holes in their widely used Reader software.

~ As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there!" ~

 

By Denis Wilson and Melissa Stockwell

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can find me on LinkedIn, Facebook, and Twitter.

I am also a published author and speaker in cloud computing and cybersecurity, working extensively with business and professional associations to provide small business technology education programs. Contact me if you would like me to speak at your association