Adobe releases updates (APSB21-29) for vulnerabilities in Reader and Acrobat, fixing 1 zero-day in Reader

Hello everyone,

 

In this month's security release, Adobe has fixed security vulnerabilities in Reader and Acrobat for Windows and macOS. If these vulnerabilities are exploited, they could cause arbitrary code execution in the context of the current user.

 

CVE-2021-28550 has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows.

 

The details of the vulnerabilities fixed are as follows: 

| CVE-ID | Severity | Impact |
|---|---|---|
| CVE-2021-28561 | Important | Arbitrary code execution |
| CVE-2021-28560 | Critical | Arbitrary code execution |
| CVE-2021-28558 | Important | Arbitrary code execution |
| CVE-2021-28557 | Critical | Memory leak |
| CVE-2021-28555 | Important | Arbitrary file system read |
| CVE-2021-28565 | Critical | Arbitrary code execution |
| CVE-2021-28564 | Critical | Arbitrary code execution |
| CVE-2021-21044, CVE-2021-21038, CVE-2021-21086 | Critical | Arbitrary code execution |
| CVE-2021-28559 | Important | Privilege escalation |
| CVE-2021-28562, CVE-2021-28550, CVE-2021-28553 | Critical | Arbitrary code execution |

The affected versions include:

  • Acrobat DC Continuous - 2021.001.20150 and earlier versions
  • Acrobat Reader DC Continuous - 2021.001.20150 and earlier versions
  • Acrobat 2017 Classic 2017 - 2017.011.30194 and earlier versions
  • Acrobat Reader 2017 Classic 2017 - 2017.011.30194 and earlier versions
  • Acrobat DC Continuous - 2021.001.20149 and earlier versions
  • Acrobat Reader DC Continuous - 2021.001.20149 and earlier versions
  • Acrobat 2020 Classic 2020 - 2020.001.30020 and earlier versions
  • Acrobat Reader 2020 Classic 2020 - 2020.001.30020 and earlier versions

To patch these vulnerabilities, initiate a sync between the Desktop Central server and the Central Patch repository. Then search for the following Patch IDs or Bulletin IDs and install them on your target systems.


| Patch ID | Bulletin ID | Description |
|---|---|---|
| 319534 | TU-753 | Adobe Acrobat 2017 Pro and Standard (Acrobat 2017 Track) update - All languages (17.011.30196) |
| 319535 | TU-1222 | Adobe Acrobat 2020 (Classic Track) (20.001.30025) |
| 319536 | TU-137 | Adobe Acrobat DC Pro and Standard (Continuous Track) update - All languages (21.001.20155) |
| 319537 | TU-754 | Adobe Acrobat Reader 2017 MUI (Classic Track) (17.011.30196) |
| 319538 | TU-1178 | Adobe Acrobat Reader 2020 MUI (Classic Track) (20.001.30025) |
| 319539 | TU-072 | Adobe Acrobat Reader DC (21.001.20155) |
| 319540 | TU-073 | Adobe Acrobat Reader DC MUI (21.001.20155) |

Cheers,

The ManageEngine Team