Adobe has recently announced that it has patched 26 critical vulnerabilities in its products, including Acrobat and Reader. There are also 11 severe flaws that malicious actors can exploit easily for arbitrary code execution and bypass the security features. Most of the critical bugs have been depicted as out-of-bounds write, buffer error issues, and use-after-free.
These vulnerabilities affect the Windows as well as macOS versions of Acrobat DC, Acrobat 2020, Acrobat 2017, Acrobat 2015, Acrobat Reader 2020, Acrobat Reader DC, Acrobat Reader 2017, and Acrobat Reader 2015.
The other patched vulnerabilities have been rated significant – as they could lead to memory leaks, information disclosure, privilege escalation, and denial-of-service (DoS).
Source: Securityweek