A patch for Adobe Acrobat, the world’s foremost PDF reader, fixes a vulnerability under active attack affecting both Windows and macOS systems that could lead to arbitrary code execution.
Adobe is warning customers of a critical zero-day bug actively exploited in the wild that affects its ubiquitous Adobe Acrobat PDF reader software. A patch is available, as part of the company’s Tuesday roundup of 43 fixes for 12 of its products, including Adobe Creative Cloud Desktop Application, Illustrator, InDesign, and Magento.
According to Adobe, the zero-day vulnerability, which is tracked as CVE-2021-28550, “has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows.”
Windows users of Adobe Reader may be the only ones currently targeted. However, the bug affects eight versions of the software, including those running on Windows and macOS systems. Versions include:
- Windows Acrobat DC & Reader DC (versions 2021.001.20150 and earlier)
- macOS Acrobat DC & Reader DC (versions 2021.001.20149 and earlier)
- Windows & macOS Acrobat 2020 & Acrobat Reader 2020 (2020.001.30020 and earlier versions)
- Windows & macOS Acrobat 2017 & Acrobat Reader 2017 (2017.011.30194 and earlier versions)
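For patch triage, the affected-version list above can be checked against a software inventory. The following is an added example, not code from Adobe or from the original article; the CSV column names, the host names, the sample rows and the handling of a two-digit year are assumptions.

```python
import csv
import io

# Last affected build per (platform, track), taken from the list above.
LAST_AFFECTED = {
    ("windows", "DC"): (2021, 1, 20150),
    ("macos", "DC"): (2021, 1, 20149),
    ("windows", "2020"): (2020, 1, 30020),
    ("macos", "2020"): (2020, 1, 30020),
    ("windows", "2017"): (2017, 11, 30194),
    ("macos", "2017"): (2017, 11, 30194),
}

def parse_version(text):
    """Turn '2021.001.20150' into (2021, 1, 20150); accept a two-digit year."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    year, minor, build = (int(p) for p in parts)
    if year < 100:  # assumption: some inventories report '21.001.20150'
        year += 2000
    return (year, minor, build)

def status(platform, track, version):
    """Return 'affected', 'not_listed' or 'unknown' for one installation."""
    limit = LAST_AFFECTED.get((platform.strip().lower(), track.strip()))
    if limit is None:
        return "unknown"
    try:
        return "affected" if parse_version(version) <= limit else "not_listed"
    except ValueError:
        return "unknown"  # unparseable versions need manual review

def triage(inventory_csv):
    """Map host -> status for a CSV with host,platform,track,version columns."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: status(r["platform"], r["track"], r["version"]) for r in rows}

# Constructed sample inventory (hosts and versions are made up).
SAMPLE = """host,platform,track,version
ws-01,Windows,DC,2021.001.20150
mac-02,macOS,DC,2021.001.20150
ws-03,windows,2017,17.011.30194
mac-04,macOS,2020,2020.001.30021
ws-05,Windows,DC,not-installed
"""

if __name__ == "__main__":
    for host, result in triage(SAMPLE).items():
        print(host, result)
```

The same build number lands on different sides of the cutoff for Windows and macOS on the DC track, which is why the lookup is keyed on platform as well as track.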
Adobe did not release technical details regarding the zero-day vulnerability. Typically, those details become available after users have had an opportunity to apply the fix. “Users can update their product installations manually by choosing Help > Check for Updates,” Adobe wrote in its May security bulletin, posted Tuesday.
May Adobe Update Fixes Multiple Critical Bugs
Also part of Tuesday’s roundup of 43 fixes are several other bugs rated critical. In all, Adobe Acrobat received 10 critical and four important vulnerability patches. Seven of those bugs included arbitrary code execution bugs. Three (CVE-2021-21044, CVE-2021-21038, CVE-2021-21086) of the vulnerabilities patched on Tuesday open systems up to out-of-bounds write attacks.
Adobe Illustrator received the next-highest number of patches on Tuesday, with five critical code execution vulnerabilities fixed. According to Adobe’s description of the flaws, three (CVE-2021-21103, CVE-2021-21104, CVE-2021-21105) are memory corruption bugs that open systems up to attackers triggering arbitrary code execution on targeted systems. Kushal Arvind Shah, a bug hunter with Fortinet’s FortiGuard Labs, is credited for the three memory corruption bugs.
Additional Adobe products receiving patches included Adobe Animate, Adobe Medium, Adobe After Effects, Adobe Media Encoder, Adobe Authentic Services, Adobe InCopy and Adobe Genuine Service.
Some parts of this article are sourced from:
threatpost.com