CVE-2020-9601
📋 TL;DR
This CVE describes an out-of-bounds read vulnerability in Adobe Acrobat and Reader that could allow attackers to read sensitive memory contents. Successful exploitation could lead to information disclosure, potentially exposing confidential data. Users running affected versions of Adobe Acrobat or Reader are vulnerable.
💻 Affected Systems
- Adobe Acrobat DC
- Adobe Acrobat Reader DC
- Adobe Acrobat 2017
- Adobe Acrobat Reader 2017
- Adobe Acrobat 2015
- Adobe Acrobat Reader 2015
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could read sensitive memory contents, potentially exposing passwords, encryption keys, or other confidential information stored in memory.
Likely Case
Information disclosure of limited memory contents, possibly revealing some application data or system information.
If Mitigated
No impact if patched or if exploit attempts are blocked by security controls.
🎯 Exploit Status
Exploitation requires user interaction (opening a malicious PDF file).
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Acrobat DC/Reader DC: 2020.009.20063 or later; Acrobat 2017/Reader 2017: 2017.011.30173 or later; Acrobat 2015/Reader 2015: 2015.006.30523 or later
Vendor Advisory: https://helpx.adobe.com/security/products/acrobat/apsb20-24.html
Restart Required: Yes
Instructions:
1. Open Adobe Acrobat or Reader. 2. Go to Help > Check for Updates. 3. Follow prompts to install available updates. 4. Restart the application.
🔧 Temporary Workarounds
Disable JavaScript in Adobe Reader
allDisabling JavaScript can prevent exploitation through malicious PDFs that use JavaScript to trigger the vulnerability.
Edit > Preferences > JavaScript > Uncheck 'Enable Acrobat JavaScript'
Use Protected View
allEnable Protected View to open untrusted PDFs in a sandboxed environment.
Edit > Preferences > Security (Enhanced) > Enable Protected View at startup
🧯 If You Can't Patch
- Restrict PDF file opening to trusted sources only.
- Use alternative PDF viewers that are not affected by this vulnerability.
🔍 How to Verify
Check if Vulnerable:
Check Adobe Acrobat/Reader version via Help > About Adobe Acrobat/Reader and compare with affected versions.Check Version:
On Windows: wmic product where name like "Adobe Acrobat%" get version; On macOS: /Applications/Adobe\ Acrobat\ Reader\ DC.app/Contents/Info.plist | grep -A1 CFBundleShortVersionStringVerify Fix Applied:
Verify version is updated to patched versions: Acrobat DC/Reader DC: 2020.009.20063+, Acrobat 2017/Reader 2017: 2017.011.30173+, Acrobat 2015/Reader 2015: 2015.006.30523+.📡 Detection & Monitoring
Log Indicators:
- Application crashes in Adobe Acrobat/Reader logs
- Unexpected memory access errors in system logs
Network Indicators:
- Downloads of PDF files from untrusted sources
- Network traffic patterns indicating data exfiltration
SIEM Query:
source="*acrobat*" AND (event_type="crash" OR error="memory")