
Adobe Reader Zero-day Vulnerability for Windows Has Been Exploited in the Wild

Adobe has notified its customers of a critical zero-day vulnerability actively exploited in the wild that affects its ubiquitous Adobe Acrobat PDF reader software.

According to Adobe, the zero-day vulnerability, tracked as CVE-2021-28550, “has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows.”

“Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user,” reads the advisory published by Adobe.

Affected Versions

The vulnerability affects eight versions of the software, including those running on Windows and macOS systems. Such versions include:

  • Windows Acrobat DC & Reader DC (versions 2021.001.20150 and earlier)
  • macOS Acrobat DC & Reader DC (versions 2021.001.20149 and earlier)
  • Windows & macOS Acrobat 2020 & Acrobat Reader 2020 (2020.001.30020 and earlier versions)
  • Windows & macOS Acrobat 2017 & Acrobat Reader 2017 (2017.011.30194 and earlier versions)
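
For fleet triage, the "and earlier" thresholds in the list above can be applied to a software inventory. This is an added example, not code from Adobe or the original article; the inventory rows, the track labels (`DC`, `2020`, `2017`) and the two-digit-year normalisation are assumptions, and all sample versions other than the thresholds are constructed.

```python
import re

# Highest affected version per (track, platform), taken from the list above.
# The track comes from the product name in the inventory, not from the version
# number, because "and earlier" only has meaning within a single track.
AFFECTED_MAX = {
    ("DC", "windows"): "2021.001.20150",
    ("DC", "macos"): "2021.001.20149",
    ("2020", "windows"): "2020.001.30020",
    ("2020", "macos"): "2020.001.30020",
    ("2017", "windows"): "2017.011.30194",
    ("2017", "macos"): "2017.011.30194",
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)", re.ASCII)

def parse_version(text):
    """Return (year, release, build) as ints, or None if malformed."""
    match = VERSION_RE.fullmatch(text.strip())
    if match is None:
        return None
    year, release, build = (int(part) for part in match.groups())
    if year < 100:  # assumption: some inventories report 21.001.20150
        year += 2000
    return (year, release, build)

def classify(track, platform, version):
    """Return 'affected', 'newer' or 'unknown' for one installation."""
    limit = AFFECTED_MAX.get((track, platform.lower()))
    parsed = parse_version(version)
    if limit is None or parsed is None:
        return "unknown"  # route to manual review, never assume patched
    return "affected" if parsed <= parse_version(limit) else "newer"

# Constructed inventory rows: (host, track, platform, reported version)
INVENTORY = [
    ("ws-001", "DC", "Windows", "2021.001.20150"),
    ("ws-002", "DC", "Windows", "21.001.20160"),
    ("mac-01", "DC", "macOS", "2021.001.20149"),
    ("ws-003", "DC", "Windows", "2020.013.20074"),
    ("ws-004", "2020", "Windows", "2020.001.30025"),
    ("ws-005", "2017", "Windows", "2017.011.30194"),
    ("ws-006", "2015", "Windows", "2015.006.30527"),
    ("ws-007", "DC", "Windows", "not-reported"),
]

def triage(rows):
    return {host: classify(track, plat, ver) for host, track, plat, ver in rows}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts classified as `unknown` (an unlisted track or an unparseable version) need manual review rather than being counted as patched.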

The software giant addressed 11 security vulnerabilities in Adobe Acrobat and Reader for Windows and macOS platforms.

“Users can update their product installations manually by choosing Help > Check for Updates,” Adobe wrote in its security bulletin.

List of Vulnerabilities in Acrobat and Reader

The company also addressed three critical out-of-bounds write issues in InDesign (CVE-2021-21098, CVE-2021-21099, CVE-2021-21043) that could lead to arbitrary code execution.

Adobe Recommends Users Update Their Software Installations to the Latest Versions:

The latest product versions are available to end-users via one of the following methods:

  • Users can update their product installations manually by choosing Help > Check for Updates.
  • The products will update automatically, without requiring user intervention, when updates are detected.
  • The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.

For IT administrators (managed environments):

  • Refer to the specific release note version for links to installers.

Install updates via your preferred methodologies, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and SSH.

Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
