Security Advisory 2021-024

Release Date:

Critical Vulnerabilities in Adobe Acrobat Software

History:

  • 12/05/2021 --- v1.0 -- Initial publication

Summary

Adobe has released 12 updates addressing 44 vulnerabilities in Experience Manager, InDesign, Illustrator, InCopy, Adobe Genuine Service, Acrobat and Reader, Magento, Creative Cloud Desktop, Media Encoder, After Effects, Medium, and Animate [1, 4]. The most critical of them -- CVE-2021-28550 -- may allow attackers to remotely execute code [3].

Technical Details

This advisory describes only the most critical vulnerability, CVE-2021-28550, because Adobe has received a report that it has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows.

Adobe has not provided any technical details about the attacks, but this vulnerability could be exploited by tricking victims into opening a specially crafted PDF with an affected version of Acrobat Reader [2, 5].

Priority and Severity Rating for CVE-2021-28550

  • Priority - 1 (Highest): this update resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. Adobe recommends administrators install the update as soon as possible (for example, within 72 hours) [3].
  • Severity - Critical (Highest): a vulnerability which, if exploited, would allow malicious native code to execute, potentially without a user being aware [3].

Affected Products

The following products could be affected by the vulnerability [2]:

| Product           | Affected Versions                  | Platform        |
|-------------------|------------------------------------|-----------------|
| Acrobat DC        | 2021.001.20150 and earlier versions | Windows         |
| Acrobat Reader DC | 2021.001.20150 and earlier versions | Windows         |
| Acrobat DC        | 2021.001.20149 and earlier versions | macOS           |
| Acrobat Reader DC | 2021.001.20149 and earlier versions | macOS           |
| Acrobat 2020      | 2020.001.30020 and earlier versions | Windows & macOS |
| Acrobat DC        | 2020.001.30020 and earlier versions | Windows & macOS |
| Acrobat 2017      | 2017.011.30194 and earlier versions | Windows & macOS |
| Acrobat DC        | 2017.011.30194 and earlier versions | Windows & macOS |

Recommendations

It is recommended to update all affected software to the latest versions.

References

[1] https://helpx.adobe.com/security.html

[2] https://helpx.adobe.com/security/products/acrobat/apsb21-29.html

[3] https://helpx.adobe.com/security/severity-ratings.html

[4] https://www.zerodayinitiative.com/blog/2021/5/11/the-may-2021-security-update-review

[5] https://securityaffairs.co/wordpress/117792/security/windows-zero-day-4.html
