Adobe’s Patch Tuesday updates for May include patches for several vulnerabilities affecting 12 different products, including a zero-day bug in Adobe Reader that is being actively exploited in the wild.
The Adobe apps that were updated are:
Adobe Experience Manager, Adobe InDesign, Adobe Illustrator, Adobe InCopy, Adobe Genuine Service, Adobe Acrobat and Reader, Magento, Adobe Creative Cloud Desktop Application, Adobe Media Encoder, Adobe After Effects, Adobe Medium, and Adobe Animate.
The company acknowledged in a security bulletin that the flaw “has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows”.
The zero-day, identified as CVE-2021-28550, is an arbitrary code execution flaw that could allow adversaries to execute virtually any command on target systems.
The attacks targeted Adobe Reader users on Windows, but the problem affects both Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017, and Acrobat Reader 2017. The vulnerability was first reported by an anonymous researcher.
Adobe released patches for Acrobat and Reader covering ten critical and four significant flaws, followed by Adobe Illustrator with five critical flaws (CVE-2021-21101 through CVE-2021-21105) that could lead to arbitrary code execution in the context of the current user.
Three of the five vulnerabilities were reported by Kushal Arvind Shah of Fortinet’s FortiGuard Labs, according to Adobe.
In the Tuesday update, Adobe patched a total of 43 security flaws.
To minimize the risk associated with the bugs, users are advised to update their Adobe apps to the most recent versions.
While administrators will be able to update managed environments using their preferred methods, user-installed versions of Adobe Acrobat and Reader will be set to update automatically as soon as a new update is detected, according to Adobe.
Users who want to manually install the upgrade can do so by going to the Help menu and selecting Check for Updates.
If this fails, they can visit Adobe’s website and download the complete Adobe Reader installer from the Acrobat Reader Download Center.