This article is for informational purposes. Always refer to Adobe’s official documentation for the latest security patches and version support lifecycles.
If you encounter this version on your network, treat it as an urgent security finding. Patch it, upgrade it, or retire it. Do not let convenience or plugin dependencies chain you to an insecure past. Adobe Acrobat Pro DC 2020.012.20048 -x86 x64-...
In 2021, threat actors exploited CVE-2020-9715 in phishing campaigns using malicious PDFs labeled “Invoice_2020.pdf.” If opened in Acrobat Pro DC build 20048 , the attacker could install ransomware without user interaction (except disabling Protected View). Protected View in this Build Build 2020.012.20048 includes Protected View (sandboxing) but it is not enabled by default for all files. Adobe’s default “Files from potentially unsafe locations” turned on sandbox. However, many users disabled it for convenience, exposing themselves. This article is for informational purposes
| CVE ID | Severity | Description | Fixed in Build | | :--- | :--- | :--- | :--- | | CVE-2020-9715 | Critical | Use-after-free leading to RCE (Remote Code Execution) | 2020.013.20074 | | CVE-2020-9728 | Important | Out-of-bounds write → memory corruption | 2020.013.20074 | | CVE-2021-21017 | Critical | Heap overflow via crafted PDF causing system takeover | 2021.001.20135 (not applicable) | | CVE-2021-28550 | Critical | Arbitrary code execution via JavaScript API | 2021.005.20048+ | Patch it, upgrade it, or retire it
Adobe releases Security Bulletins (APSB) monthly. For the Classic Track 2020, here are vulnerabilities present in build 20048 but fixed in later builds: