Mac Admin

Security Updates released for Adobe Acrobat Reader DC and Adobe Acrobat DC

On Tuesday 12th May, Adobe released critical updates for Adobe Acrobat Reader DC and Adobe Acrobat DC. These patch a vulnerability that allows an attacker to gain arbitrary code execution, with some reports claiming this to be as root.

Affected Versions

Adobe list the following as affected versions for both macOS and Windows:

ProductAffect Versions
Acrobat DC (Continuous)2020.006.20042 and earlier versions 
Acrobat Reader DC (Continuous)2020.006.20042 and earlier versions 
Acrobat 2017 (Classic 2017)2017.011.30166  and earlier versions 
Acrobat Reader 2017 (Classic 2017)2017.011.30166  and earlier versions 
Acrobat 2015 (Classic 2015)2015.006.30518 and earlier versions
Acrobat Reader 2015 (Classic 2015)2015.006.30518 and earlier versions

Patching Affected Versions

To patch Acrobat Reader DC, I’d strongly suggest using the AutoPKG recipe to package this up. You can find the recipes for this here.

To patch Acrobat DC, you’ll need to either:

  • Use Remote Update Manager (RUM) to install the update; or
  • Create an updated package from the Adobe Admin console.

Surprisingly, there is an issue with the Adobe Admin Console when it comes to Acrobat DC…well two issues:

1) The latest version listed for Acrobat DC is currently always v20.0, despite the version being 20.00X.XXXXX

The actual version is 20.006.20034!

2) Any existing packages created in the Admin console for Acrobat DC will show as “Up to date”, even if they’re not!

In this scenario, I’d suggest re-creating your package for Acrobat DC just in case to ensure you have a package for a patched version.

Note: These two issues have been logged with Adobe as of today (14th May 2020) so hopefully should be resolved at some point!

More Information

For more information, check out the following links:

Standard

2 thoughts on “Security Updates released for Adobe Acrobat Reader DC and Adobe Acrobat DC

  1. FYI – it would appear that there’s even a slightly newer version available just 2 days later … 20.009.20063. Just downloaded and that’s what I got.

    Like

Comments are closed.