Adobe has notified its customers of a critical zero-day vulnerability actively exploited in the wild that affects its ubiquitous Adobe Acrobat PDF reader software.
According to Adobe, the zero-day vulnerability, tracked as CVE-2021-28550, “has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows.”
“Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user”, reads the advisory published by Adobe.
The vulnerability affects eight versions of the software, including those running on Windows and macOS systems. Such versions include:
The software giant addressed 11 security vulnerabilities in Adobe Acrobat and Reader for Windows and MacOS platforms.
“Users can update their product installations manually by choosing Help > Check for Updates,” Adobe wrote in its security bulletin.
The company also addressed three critical Out-of-bounds write issues in InDesign (CVE-2021-21098, CVE-2021-21099, CVE-2021-21043) that could lead to arbitrary code execution.
The latest product versions are available to end-users via one of the following methods:
For IT administrators (managed environments):
Install updates via your preferred methodologies, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and SSH.
Splunk Inc. has disclosed two significant vulnerabilities within its software suite, posing a considerable risk…
GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report that highlights…
In 2023, C2A Security added multiple OEMs and Tier 1s to its portfolio of customers,…
Apple users are falling prey to a sophisticated phishing campaign designed to hijack their Apple…
Hackers have been found leveraging weaponized virtual hard disk (VHD) files to deploy the notorious…
A security update released by ChatRTX on March 26th, 2024, addresses two vulnerabilities (CVE-2024-0082 and…