“The November 2020 release of Adobe Reader and Acrobat is a standard product release that includes new product features as well as fixes for bugs and security vulnerabilities.”īeyond critical-severity flaws, Adobe also patched important-severity vulnerabilities tied to six CVEs. However, “While Adobe strives to release regularly scheduled updates on update Tuesday, occasionally those regularly scheduled security updates are released on non-update Tuesday dates,” an Adobe spokesperson said. Typically Adobe releases its regularly scheduled updates on the second Tuesday of the month.
The bugs are part of Adobe’s regularly scheduled patches, which overall patched critical-, important- and moderate-severity vulnerabilities tied to 14 CVEs. These critical flaws include a heap-based buffer overflow (CVE-2020-24435), out-of-bounds write glitch (CVE-2020-24436) and two use-after free flaws (CVE-2020-24430 and CVE-2020-24437). The vulnerabilities could be exploited to execute arbitrary code on affected products.
Adobe has fixed critical-severity flaws tied to four CVEs in the Windows and macOS versions of its Acrobat and Reader family of application software services.
