Zscaler Security Advisories

Security Advisory - August 11, 2020

Zscaler protects against 7 new vulnerabilities in Adobe Acrobat and Reader.

Updated: August 12, 2020. Added CVE-2020-9697.

Zscaler, working with Microsoft through the Microsoft Active Protections Program (MAPP), has proactively deployed protections for the following 7 vulnerabilities included in the August 2020 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the August release and deploy additional protections as necessary.

APSB20-48 – Security updates available for Adobe Acrobat and Reader.

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Affected Software

  • Acrobat DC Continuous 2020.009.20074 and earlier versions for Windows & macOS
  • Acrobat Reader DC Continuous 2020.009.20074 and earlier versions for Windows & macOS
  • Acrobat 2020 Classic 2020 2020.001.30002 for Windows & macOS
  • Acrobat Reader 2020 Classic 2020 2020.001.30002 for Windows & macOS
  • Acrobat 2017 Classic 2017 2017.011.30171 and earlier versions for Windows & macOS
  • Acrobat Reader 2017 Classic 2017 2017.011.30171 and earlier versions for Windows & macOS
  • Acrobat 2015 Classic 2015 2015.006.30523 and earlier versions for Windows & macOS
  • Acrobat Reader 2015 Classic 2015 2015.006.30523 and earlier versions for Windows & macOS

CVE-2020-9698 – Buffer error leading to Arbitrary Code Execution.
Severity: Critical

CVE-2020-9699 – Buffer error leading to Arbitrary Code Execution.
Severity: Critical

CVE-2020-9701 – Buffer error leading to Arbitrary Code Execution.
Severity: Critical

CVE-2020-9702 – Stack exhaustion leading to Application denial-of-service.
Severity: Important

CVE-2020-9703 – Stack exhaustion leading to Application denial-of-service.
Severity: Important

CVE-2020-9704 – Buffer error leading to Arbitrary Code Execution.
Severity: Critical

CVE-2020-9697 – Memory leak vulnerability leading to Disclosure of Sensitive Data.
Severity: Important