← back
CVE-2020-24439

Acrobat Reader DC for macOS Signature Validation Bypass

CVSS 2.8 LOWEPSS 0.6%CWE-347
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 2.8EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
05 Nov 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a security feature bypass. While the practical security impact is minimal, a defense-in-depth fix has been implemented to further harden the Adobe Reader update process.
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Affected products
Adobe · Acrobat Reader

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://helpx.adobe.com/security/products/acrobat/apsb20-67.html