PT-2020-5002 · Adobe · Acrobat Reader
Published: 2020-11-03 · Updated: 2021-09-16
CVE-2020-24439
CVSS v3.1: 2.8 (Low)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Acrobat Reader DC for macOS versions 2020.012.20048 and earlier
Acrobat Reader DC for macOS versions 2020.001.30005 and earlier
Acrobat Reader DC for macOS versions 2017.011.30175 and earlier
Description
The issue is a security feature bypass in Adobe Reader and Acrobat that can be exploited to bypass existing security restrictions. It is caused by errors in cryptographic signature verification. Although the practical security impact is minimal, a defense-in-depth fix has been implemented to further harden the Adobe Reader update process.
Recommendations
For Acrobat Reader DC for macOS versions 2020.012.20048 and earlier, update to a version that includes the defense-in-depth fix to harden the Adobe Reader update process.
For Acrobat Reader DC for macOS versions 2020.001.30005 and earlier, update to a version that includes the defense-in-depth fix to harden the Adobe Reader update process.
For Acrobat Reader DC for macOS versions 2017.011.30175 and earlier, update to a version that includes the defense-in-depth fix to harden the Adobe Reader update process.
Fix
Improper Verification of Cryptographic Signature
Weakness Enumeration
Related Identifiers
Affected Products
Acrobat Reader