Adobe Acrobat Use-After-Free Vulnerability
Adobe Acrobat contains a use-after-free vulnerability that allows for code execution
Quick answer
Adobe Acrobat should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.
Who is affected
Affected versions
- 20.001.30002
- -
Fixed versions
- Apply the latest vendor-supported patched version.
How to fix it
Treat CVE-2020-9715 as an actively exploited Adobe Acrobat and Reader use-after-free vulnerability that can lead to arbitrary code execution when a malicious PDF is opened. Adobe APSB20-48 lists affected Acrobat and Reader DC, 2020, 2017, and 2015 tracks and recommends updating to the fixed releases or later. Prioritize users and systems that handle external PDFs, email attachments, browser downloads, support tickets, or shared document repositories. If an affected product track is no longer supported in your environment, replace it with a currently supported Adobe release instead of leaving the old branch installed.
- Inventory Adobe Acrobat DC, Acrobat Reader DC, Acrobat 2020, Reader 2020, Acrobat 2017, Reader 2017, Acrobat 2015, and Reader 2015 across Windows and macOS endpoints.
- Identify Acrobat DC and Reader DC 2020.009.20074 and earlier, Acrobat/Reader 2020 version 2020.001.30002, Acrobat/Reader 2017 version 2017.011.30171 and earlier, and Acrobat/Reader 2015 version 2015.006.30523 and earlier as affected.
- Update Acrobat DC and Reader DC to 2020.012.20041 or later.
- Update Acrobat/Reader 2020 to 2020.001.30005 or later, Acrobat/Reader 2017 to 2017.011.30175 or later, and Acrobat/Reader 2015 to 2015.006.30527 or later where those tracks are still supported.
- Use Help > Check for Updates, automatic updates, Adobe enterprise installers, SCCM, GPO, Intune, MDM, Apple Remote Desktop, SSH, or another approved deployment workflow.
- Apply temporary controls for PDF handling until patching is complete, including warnings for unexpected attachments and tighter filtering on externally supplied PDFs.
- Review endpoint telemetry for suspicious Acrobat child processes, unusual PDF launches, dropped files, or alerts connected to malicious documents.
- Remove or replace unsupported Acrobat and Reader installations that cannot receive vendor security updates.
Scan now. Google sign-in is only needed to unlock fix guidance.
Verify the fix
- Confirm Acrobat DC and Reader DC installations report version 2020.012.20041 or later.
- Confirm Acrobat/Reader 2020 reports 2020.001.30005 or later, Acrobat/Reader 2017 reports 2017.011.30175 or later, and Acrobat/Reader 2015 reports 2015.006.30527 or later where those tracks remain in use.
- Confirm endpoint inventory, MDM, SCCM, or software management data no longer shows affected versions.
- Run Help > Check for Updates on a sample of managed endpoints and confirm no related Acrobat or Reader security update remains pending.
- Review EDR and mail-security logs after remediation for additional malicious PDF activity.
- Run a Fixnx scan against public download, upload, and support surfaces to understand related PDF exposure paths.
Related categories
Trusted references
FAQ
What is affected by CVE-2020-9715?
Adobe Acrobat should be checked against the vendor advisory and trusted references linked on this page.
What should I fix first?
Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.
How do I confirm the fix worked?
Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.
Why can this risk appear in multiple categories?
A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.
