Adobe Acrobat and Reader Improper Verification of Cryptographic Signature Vulnerability Allowing Security Feature Bypass
Vulnerability
An improper verification of cryptographic signature vulnerability has been identified in Adobe Acrobat and Reader. It affects multiple versions, including Acrobat Reader versions through 25.001.20982, Acrobat DC versions through 25.001.20982, Acrobat 2024 versions through 24.001.30273, and Acrobat 2020 versions through 20.005.30803. The vulnerability could lead to a security feature bypass, allowing limited unauthorized write access. Exploitation does not require user interaction.
Impact
Exploitation of this vulnerability could result in a security feature bypass, allowing limited unauthorized write access.
Remediation
Users are advised to update to the latest version of Adobe Acrobat or Reader, which can be downloaded from the Adobe Acrobat Reader Download Center or installed via the Adobe Update mechanism. IT administrators can deploy the updates through various methods, including SCUP/SCCM on Windows, or Apple Remote Desktop and SSH on macOS.
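To prioritize the update, the affected ranges listed above can be checked against a software inventory. The following is an added example, not code from Adobe or from this advisory; the inventory records, host names and status labels are constructed, and it assumes the inventory already records which product track each install belongs to.

```python
import re

# Last affected build per product, as stated in the advisory ("versions through ...").
LAST_AFFECTED = {
    "Acrobat Reader": "25.001.20982",
    "Acrobat DC": "25.001.20982",
    "Acrobat 2024": "24.001.30273",
    "Acrobat 2020": "20.005.30803",
}

def parse_version(text):
    """Turn '25.001.20982' into (25, 1, 20982) so builds compare numerically."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){2}", text):
        raise ValueError(f"unrecognized version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def triage(product, version):
    """Classify one record: 'affected', 'above_affected_range' or 'review'."""
    last = LAST_AFFECTED.get(product.strip())
    if last is None:
        return "review"  # product or track not listed in the advisory
    try:
        installed = parse_version(version)
    except ValueError:
        return "review"  # unparseable version: check by hand, do not guess
    # "through X" is inclusive, so build X itself counts as affected.
    return "affected" if installed <= parse_version(last) else "above_affected_range"

# Constructed sample inventory: (host, product, version as reported by the agent).
SAMPLE_INVENTORY = [
    ("ws-001", "Acrobat DC", "25.001.20982"),
    ("ws-002", "Acrobat 2024", "24.001.30274"),
    # Not zero-padded: a plain string comparison would wrongly rank this
    # above "20.005.30803"; the numeric tuple comparison does not.
    ("ws-003", "Acrobat 2020", "20.5.30636"),
    ("ws-004", "Acrobat Reader", "unknown"),
]

def report(inventory=SAMPLE_INVENTORY):
    """Map each host to its triage status."""
    return {host: triage(product, version) for host, product, version in inventory}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```

Hosts reported as `review` need a manual check of the installed product and build before they are counted as updated.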
