Hello everyone,
In this month's security release, Adobe has fixed security vulnerabilities in Reader and Acrobat for Windows and macOS. If these vulnerabilities are exploited, they could cause arbitrary code execution in the context of the current user.
CVE-2021-28550 has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows
CVE-ID | Severity | Impact |
CVE-2021-28561 | Important | Arbitrary code execution |
CVE-2021-28560 | Critical | Arbitrary code execution |
CVE-2021-28558 | Important | Arbitrary code execution |
CVE-2021-28557 | Critical | Memory leak |
CVE-2021-28555 | Important | Arbitrary file system read |
CVE-2021-28565 | Critical | Arbitrary code execution |
CVE-2021-28564 | Critical | Arbitrary code execution |
CVE-2021-21044 CVE-2021-21038 CVE-2021-21086 | Critical | Arbitrary code execution |
CVE-2021-28559 | Important | Privilege escalation |
CVE-2021-28562 CVE-2021-28550 CVE-2021-28553 | Critical | Arbitrary code execution |
The affected versions include:
Acrobat DC Continuous - 2021.001.20150 and earlier versions
Acrobat Reader DC Continuous - 2021.001.20150 and earlier versions
Acrobat 2017 Classic 2017 - 2017.011.30194 and earlier versions
Acrobat Reader 2017 Classic 2017 - 2017.011.30194 and earlier versions
Acrobat DC Continuous - 2021.001.20149 and earlier versions
Acrobat Reader DC Continuous - 2021.001.20149 and earlier versions
Acrobat 2020 Classic 2020 - 2020.001.30020 and earlier versions
Acrobat Reader 2020 Classic 2020 - 2020.001.30020 and earlier versions
To patch these vulnerabilities, initiate a sync between the Patch Manager Plus server and the Central Patch repository. Search for the following Patch IDs or Bulletin IDs and install them in your target systems.
Patch ID | Bulletin ID | Description |
319534 | TU-753 | Adobe Acrobat 2017 Pro and Standard (Acrobat 2017 Track) update - All languages (17.011.30196) |
319535 | TU-1222 | Adobe Acrobat 2020 (Classic Track) (20.001.30025) |
319536 | TU-137 | Adobe Acrobat DC Pro and Standard (Continuous Track) update - All languages (21.001.20155) |
319537 | TU-754 | Adobe Acrobat Reader 2017 MUI (Classic Track) (17.011.30196) |
319538 | TU-1178 | Adobe Acrobat Reader 2020 MUI (Classic Track) (20.001.30025) |
319539 | TU-072 | Adobe Acrobat Reader DC (21.001.20155) |
319540 | TU-073 | Adobe Acrobat Reader DC MUI (21.001.20155) |
The ManageEngine Team