PT-2024-8097 · Adobe · Acrobat Reader
Published 2024-08-13 · Updated 2024-08-15
CVE-2024-39425
CVSS v3.1: 7.0 High
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Acrobat Reader versions 20.005.30636 through 24.002.20965 and earlier
Description:
The issue is related to a Time-of-check Time-of-use (TOCTOU) Race Condition that could lead to privilege escalation. Exploitation requires local low-privilege access to the affected system and has high attack complexity. It is also described as an improper verification of cryptographic signature vulnerability, allowing attackers to escalate privileges. The vulnerability is associated with synchronization errors when using a shared resource.
Recommendations:
For versions 20.005.30636 and earlier, update to a version later than 24.002.20965 to resolve the issue.
For versions 24.002.20964 and 24.002.20965, update to a version later than 24.002.20965 to resolve the issue.
For versions 24.001.30123 and earlier, update to a version later than 24.002.20965 to resolve the issue.
As a temporary workaround, consider restricting access to shared resources to minimize the risk of exploitation.
Fix
Time Of Check To Time Of Use
Affected Products
Acrobat Reader