Adobe patches a zero-day along with several critical and important vulnerabilities in Acrobat and Reader
Hello everyone,
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Adobe has also patched CVE-2021-21017 which has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows.
The details of vulnerabilities patched are as follows:
| CVE ID | Vulnerability | Impact | Severity |
| CVE-2021-21046 | Buffer overflow | Application denial-of-service | Important |
| CVE-2021-21017 | Heap-based Buffer Overflow | Arbitrary code execution | Critical |
| CVE-2021-21037 | Path Traversal | Arbitrary code execution | Critical |
| CVE-2021-21036 | Integer Overflow | Arbitrary code execution | Critical |
| CVE-2021-21045 | Improper Access Control | Privilege escalation | Critical |
CVE-2021-21042 CVE-2021-21034 | Out-of-bounds Read | Privilege escalation | Important |
| CVE-2021-21061 | Use-after-free | Information Disclosure | Important |
CVE-2021-21044 CVE-2021-21038 | Out-of-bounds Write | Arbitrary code execution | Critical |
CVE-2021-21058 CVE-2021-21059 CVE-2021-21062 CVE-2021-21063 | Buffer overflow | Arbitrary code execution | Critical |
| CVE-2021-21057 | NULL Pointer Dereference | Information Disclosure | Important |
| CVE-2021-21060 | Improper Input Validation | Information Disclosure | Important |
CVE-2021-21041 CVE-2021-21040 CVE-2021-21039 CVE-2021-21035 CVE-2021-21033 CVE-2021-21028 CVE-2021-21021 | Use After Free | Arbitrary code execution | Critical |
To patch these vulnerabilities using Patch Manager Plus, initiate a sync between the Central Patch Repository and the Patch Manager Plus server. Once synced, search for the Patch IDs or Bulletin IDs relevant to the updates you want installed and deploy them to your target systems.
| Patch ID | Bulletin ID | Patch Description |
| 318297 | TU-137 | Adobe Acrobat DC Pro and Standard (Continuous Track) update - All languages (21.001.20135) (APSB21-09) |
| 318299 | TU-072 | Adobe Acrobat Reader DC (21.001.20135) (APSB21-09) |
| 318300 | TU-073 | Adobe Acrobat Reader DC MUI (21.001.20135) (APSB21- 09) |
| 318296 | TU-753 | Adobe Acrobat 2017 Pro and Standard (Acrobat 2017 Track) update - All languages (17.011.30190) (APSB21-09) |
| 318298 | TU-754 | Adobe Acrobat Reader 2017 MUI (Classic Track) (17.011.30190) (APSB21-09) |
| 318302 | TU-1178 | Adobe Acrobat Reader 2020 MUI (Classic Track) (20.001.30020) (APSB21-09) |
| 318303 | TU-1222 | Adobe Acrobat 2020 (Classic Track) (20.001.30020) (APSB21-09) |
Cheers,
The ManageEngine team