Adobe releases updates (APSB21-51) to fix several critical vulnerabilities in Reader and Acrobat

Hello everyone,

 

In this month's security release, Adobe has fixed several critical and important security vulnerabilities in Reader and Acrobat for Windows and macOS. If these vulnerabilities are exploited, they could cause arbitrary code execution in the context of the current user.

 

Two of the most serious vulnerabilities are use-after-free flaws tracked as CVE-2021-28641 and CVE-2021-28639, which, when exploited, allow threat actors to execute arbitrary code on targeted systems or just cause application crashes.

 

The details of the vulnerabilities fixed are as follows:

| CVE-ID | Severity | Impact |
|---|---|---|
| CVE-2021-35988, CVE-2021-35987 | Important | Privilege escalation |
| CVE-2021-35980, CVE-2021-28644 | Critical | Arbitrary file system read |
| CVE-2021-28640 | Critical | Arbitrary code execution |
| CVE-2021-28643 | Critical | Arbitrary code execution |
| CVE-2021-28641, CVE-2021-28639 | Critical | Arbitrary code execution |
| CVE-2021-28642 | Critical | Arbitrary file system write |
| CVE-2021-28637 | Critical | Memory leak |
| CVE-2021-35986 | Important | Arbitrary file system read |
| CVE-2021-28638 | Critical | Arbitrary code execution |
| CVE-2021-35985, CVE-2021-35984 | Important | Application denial-of-service |
| CVE-2021-28636 | Critical | Arbitrary code execution |
| CVE-2021-28634 | Critical | Arbitrary code execution |
| CVE-2021-35983, CVE-2021-35981, CVE-2021-28635 | Critical | Arbitrary code execution |

The affected versions include:

  • Acrobat DC Continuous - 2021.005.20054 and earlier versions
  • Acrobat Reader DC Continuous - 2021.005.20054 and earlier versions
  • Acrobat 2017 Classic 2017 - 2017.011.30197 and earlier versions
  • Acrobat Reader 2017 Classic 2017 - 2017.011.30197 and earlier versions
  • Acrobat 2020 Classic 2020 - 2020.004.30005 and earlier versions
  • Acrobat Reader 2020 Classic 2020 - 2020.004.30005 and earlier versions
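
To check an inventory export against the affected versions listed above, the following added example (not ManageEngine or Adobe code) classifies each installed build per track. The function names, the inventory row layout and the sample hosts are assumptions made for illustration; only the three version ceilings come from this post.

```python
# Affected ceilings copied from the "affected versions" list in this post.
AFFECTED_MAX = {
    "continuous": "2021.005.20054",
    "classic 2017": "2017.011.30197",
    "classic 2020": "2020.004.30005",
}

def parse_version(text):
    """Return (year, minor, build) as ints; accepts 2021.005.20054 or 21.005.20054."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    year, minor, build = (int(p) for p in parts)
    if year < 100:  # two-digit year form, as used in the patch descriptions
        year += 2000
    return (year, minor, build)

def is_affected(track, installed):
    """True if the installed build is at or below the affected ceiling for its track."""
    # The track is an explicit input: a 20.x build can be Continuous or Classic 2020.
    key = track.strip().lower()
    if key not in AFFECTED_MAX:
        raise KeyError(f"unknown track: {track!r}")
    return parse_version(installed) <= parse_version(AFFECTED_MAX[key])

def triage(inventory):
    """Map each (host, track, version) row to 'affected', 'ok' or 'unknown'."""
    result = {}
    for host, track, version in inventory:
        try:
            result[host] = "affected" if is_affected(track, version) else "ok"
        except (KeyError, ValueError):
            result[host] = "unknown"  # flag for manual review, never assume ok
    return result

# Constructed sample inventory (hostnames and rows are made up).
SAMPLE = [
    ("ws-01", "Continuous", "21.005.20054"),
    ("ws-02", "Continuous", "2021.005.20058"),
    ("ws-03", "Classic 2017", "17.011.30199"),
    ("ws-04", "Classic 2020", "2020.004.30005"),
    ("ws-05", "Continuous", "20.013.20074"),
    ("ws-06", "Classic 2020", "n/a"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(host, status)
```

Rows reported as "unknown" have a track or version string the script could not parse and should be checked by hand.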

 

To patch these vulnerabilities, initiate a sync between the Desktop Central server and the Central Patch repository. Search for the following Patch IDs or Bulletin IDs and install them on your target systems.

| Patch ID | Bulletin ID | Description |
|---|---|---|
| 320494 | TU-753 | Adobe Acrobat 2017 Pro and Standard (Acrobat 2017 Track) update - All languages (17.011.30199) (APSB21-51) |
| 320495 | TU-1222 | Adobe Acrobat 2020 (Classic Track) (20.004.30006) (APSB21-51) |
| 320496 | TU-137 | Adobe Acrobat DC Pro and Standard (Continuous Track) update - All languages (21.005.20058) (APSB21-51) |
| 320497 | TU-754 | Adobe Acrobat Reader 2017 MUI (Classic Track) (17.011.30199) (APSB21-51) |
| 320498 | TU-1178 | Adobe Acrobat Reader 2020 MUI (Classic Track) (20.004.30006) (APSB21-51) |
| 320499 | TU-072 | Adobe Acrobat Reader DC (21.005.20058) (APSB21-51) |
| 320500 | TU-073 | Adobe Acrobat Reader DC MUI (21.005.20058) (APSB21-51) |

Cheers,

The ManageEngine Team