Adobe Product Security Update Advisory (CVE-2024-39420)

Overview

 

An update has been released to address vulnerabilities in Adobe Products. Users of the affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-39420

• Acrobat DC versions: ~ 24.002.20991 (inclusive) (Windows)
• Acrobat DC versions: ~ 24.002.20964 (inclusive) (MacOS)

 

• Acrobat Reader DC versions: ~ 24.002.20991 (inclusive) (Windows)
• Acrobat Reader DC versions: ~ 24.002.20964 (inclusive) (MacOS)

 

• Acrobat 2024 versions: ~ 24.001.30123 (inclusive) (Windows, MacOS)

 

• Acrobat 2020 versions: ~ 20.005.30636 (inclusive) (Windows)
• Acrobat 2020 versions: ~ 20.005.30635 (inclusive) (MacOS)

 

• Acrobat Reader 2020 versions: ~ 20.005.30636 (inclusive) (Windows)
• Acrobat Reader 2020 versions: ~ 20.005.30635 (inclusive) (MacOS)

 

 

Resolved Vulnerabilities

 

Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Acrobat Reader that could result in arbitrary code execution in the context of the user (CVE-2024-39420)

 

Vulnerability Patches

The following product-specific Vulnerability Patches have been made available in the latest update. If you are using an affected version, Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2024-39420

• Acrobat DC version: 24.002.21005 (Windows, macOS)
• Acrobat Reader DC version: 24.002.21005 (Windows, macOS)
• Acrobat 2024 version: 24.001.30159 (Windows, macOS)
• Acrobat 2020 version: 20.005.30655 (Windows, macOS)
• Acrobat Reader 2020 version: 20.005.30655 (Windows, MacOS)

 

References

[1] CVE-2024-39420 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-39420

[2] Security update available for Adobe Acrobat and Reader | APSB24-57

https://helpx.adobe.com/security/products/acrobat/apsb24-57.html