Important security updates for Acrobat and Acrobat Reader
Adobe has also closed several vulnerabilities in the SDK for the DNG converter. The Flash Player also receives an update.
Adobe has eliminated 24 vulnerabilities in the Acrobat and Reader and addressed 12 issues in the DNG Software Development Kit (SDK). None of these vulnerabilities have been exploited for attacks so far. There is also an update for the Flash Player available (126.96.36.1991).
Some of the fixed security vulnerabilities in Acrobat and Acrobat Reader have been marked as critical. An attacker could exploit seven of these gaps to inject arbitrary code into a prepared PDF file and execute it with user rights. The other five critical gaps allow security features to be bypassed.
To address these security vulnerabilities, Adobe has released new versions of its PDF tools for Windows and macOS: Acrobat and Acrobat Reader DC 2020.009.20063, Acrobat and Acrobat Reader 2017 2017.011.30171 and Acrobat and Acrobat Reader 2015 2015.006.30523.
Adobes free DNG converter can convert RAW photos from various camera systems into a format that can be read by many applications (DNG: digital negatives) without loss of quality. The associated SDK (Software Development Kit) for Windows and macOS has up to and including version 1.5 12 security issues, four of which Adobe classified as critical. With maliciously crafted files, an attacker could inject and execute arbitrary code. The new SDK version 1.5.1 can help.
The current Adobe Security Bulletins can be found on this page from the manufacturer.
Please make sure to keep your Adobe software up to date!