Adobe Acrobat and Reader Improper Certificate Validation Vulnerability Allowing Security Feature Bypass
Vulnerability
An improper certificate validation vulnerability has been identified in Adobe Acrobat and Acrobat Reader. It affects Acrobat DC and Acrobat Reader DC versions through 25.001.21265, and Acrobat 2024 versions through 24.001.30307 on Windows and 24.001.30308 on macOS. The vulnerability could lead to a security feature bypass, allowing an attacker to spoof the identity of a signer. Exploitation requires user interaction.
Impact
Exploitation of this vulnerability could result in a security feature bypass, allowing for the spoofing of a signer's identity.
Remediation
Users are advised to update to the latest versions of Adobe Acrobat or Acrobat Reader. The latest versions can be downloaded manually or via the Adobe Update mechanism. For IT administrators, updates are available through preferred deployment methods. Detailed update instructions can be found in the Adobe Security Bulletin APSB26-26.
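To find installations that still need the update, the version ceilings stated above can be applied to a software inventory. The following is an added example, not Adobe's tooling; the CSV layout, the track labels `dc` and `2024`, and the sample hosts are assumptions made for illustration.

```python
import csv
import io

# Last affected builds as stated in the advisory text ("versions through ...").
# Keys are (track, platform); the labels "dc" and "2024" are this example's own.
LAST_AFFECTED = {
    ("dc", "windows"): "25.001.21265",
    ("dc", "macos"): "25.001.21265",
    ("2024", "windows"): "24.001.30307",
    ("2024", "macos"): "24.001.30308",
}

def parse_version(text):
    """Turn 'NN.NNN.NNNNN' into a tuple of ints so comparison is numeric, not lexical."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)

def classify(track, platform, version):
    """Return 'affected', 'not-affected' or 'unknown' for one installation."""
    ceiling = LAST_AFFECTED.get((track.strip().lower(), platform.strip().lower()))
    if ceiling is None:
        return "unknown"
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"  # unparseable rows go to manual review, never a silent pass
    return "affected" if installed <= parse_version(ceiling) else "not-affected"

def triage(inventory_csv):
    """Map each host in a 'host,track,platform,version' CSV to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["track"], r["platform"], r["version"]) for r in rows}

# Constructed sample inventory: hosts and the non-threshold versions are made up.
SAMPLE = """host,track,platform,version
ws-01,dc,windows,25.001.21265
ws-02,dc,windows,25.001.99999
mac-01,2024,macos,24.001.30308
ws-03,2024,windows,24.001.30307
ws-04,dc,windows,25.1.x
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Rows classified as `unknown` (unrecognised track, platform or version format) should be checked by hand rather than treated as patched.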
