Security Advisory - May 13, 2020
Zscaler protects against 17 new vulnerabilities for Adobe Acrobat and Reader
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 17 vulnerabilities included in the May 2020 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the May release and deploy additional protections as necessary.
APSB20-24 – Security updates available for Adobe Acrobat and Reader.
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Affected Software
- Acrobat DC (Continuous) 2020.006.20042 and earlier versions for Windows & macOS
- Acrobat Reader DC (Continuous) 2020.006.20042 and earlier versions for Windows & macOS
- Acrobat 2017 (Classic 2017) 2017.011.30166 and earlier versions for Windows & macOS
- Acrobat Reader 2017 (Classic 2017) 2017.011.30166 and earlier versions for Windows & macOS
- Acrobat 2015 (Classic 2015) 2015.006.30518 and earlier versions for Windows & macOS
- Acrobat Reader 2015 (Classic 2015) 2015.006.30518 and earlier versions for Windows & macOS
CVE-2020-9593 – Invalid Memory Access Vulnerability leading to Information Disclosure.
Severity: Important
CVE-2020-9594 – Out-of-Bounds Write Vulnerability leading to Arbitrary Code Execution.
Severity: Critical
CVE-2020-9595 – Invalid Memory Access Vulnerability leading to Information Disclosure.
Severity: Important
CVE-2020-9598 – Invalid Memory Access Vulnerability leading to Information Disclosure.
Severity: Important
CVE-2020-9599 – Out-of-bounds read Vulnerability leading to Information Disclosure.
Severity: Important
CVE-2020-9600 – Out-of-bounds read Vulnerability leading to Information Disclosure.
Severity: Important
CVE-2020-9602 – Out-of-bounds read Vulnerability leading to Information Disclosure.
Severity: Important
CVE-2020-9603 – Out-of-bounds read Vulnerability leading to Information Disclosure.
Severity: Important
CVE-2020-9604 – Buffer Error Vulnerability leading to Arbitrary Code Execution.
Severity: Critical
CVE-2020-9605 – Buffer Error Vulnerability leading to Arbitrary Code Execution.
Severity: Critical
CVE-2020-9606 – Use After Free Vulnerability leading to Arbitrary Code Execution.
Severity: Critical
CVE-2020-9607 – Use After Free Vulnerability leading to Arbitrary Code Execution.
Severity: Critical
CVE-2020-9608 – Out-of-bounds read Vulnerability leading to Information Disclosure.
Severity: Important
CVE-2020-9609 – Out-of-bounds read Vulnerability leading to Information Disclosure.
Severity: Important
CVE-2020-9610 – Null Pointer Vulnerability leading to Application Denial-of-Service.
Severity: Important
CVE-2020-9611 – Stack Exhaustion Vulnerability leading to Application Denial-of-Service.
Severity: Important
CVE-2020-9612 – Heap Overflow Vulnerability leading to Arbitrary Code Execution.
Severity: Important