Bulletin ID
Last updated on
Jun 11, 2024
Security update available for Adobe Acrobat Android | APSB24-50
|
|
Date Published |
Priority |
|---|---|---|
|
APSB24-50 |
June 11, 2024 |
3 |
Summary
Adobe has released a security update for Adobe Acrobat Android. This update addresses important vulnerabilities. Successful exploitation could lead to security feature bypass.
Affected Versions
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version.
|
Updated Versions |
Platform |
Priority Rating |
Availability |
|
|
Acrobat Android |
24.5.0.33694 |
Android |
3 |
Vulnerability Details
| Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVSS vector | CVE Number |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) |
Security feature bypass |
Important | 6.3 | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N |
CVE-2024-34129 |
| Improper Authorization (CWE-285) |
Security feature bypass |
Important | 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
CVE-2024-34130 |
Acknowledgements
Adobe would like to thank the following researcher for reporting this issue and for working with Adobe to help protect our customers:
- Oversecured --CVE-2024-34129, CVE-2024-34130
NOTE: Adobe has a private, invite-only, bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please fill out this form for next steps.
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.
Adobe MAX
The Creativity Conference
Oct 14–16 Miami Beach and online
Adobe MAX
The Creativity Conference
Oct 14–16 Miami Beach and online