Adobe releases updates (APSB21-51) to fix several critical vulnerabilities in Reader and Acrobat

Hello everyone,

In this month's security release, Adobe has fixed several critical and important security vulnerabilities in Reader and Acrobat for Windows and macOS. If exploited, these vulnerabilities could lead to arbitrary code execution in the context of the current user.

Two of the most serious vulnerabilities are use-after-free flaws tracked as CVE-2021-28641 and CVE-2021-28639, which, when exploited, allow threat actors to execute arbitrary code on targeted systems or simply crash the application.

The details of the vulnerabilities fixed are as follows:

| CVE-ID | Severity | Impact |
|---|---|---|
| CVE-2021-35988, CVE-2021-35987 | Important | Privilege escalation |
| CVE-2021-35980, CVE-2021-28644 | Critical | Arbitrary file system read |
| CVE-2021-28640 | Critical | Arbitrary code execution |
| CVE-2021-28643 | Critical | Arbitrary code execution |
| CVE-2021-28641, CVE-2021-28639 | Critical | Arbitrary code execution |
| CVE-2021-28642 | Critical | Arbitrary file system write |
| CVE-2021-28637 | Critical | Memory leak |
| CVE-2021-35986 | Important | Arbitrary file system read |
| CVE-2021-28638 | Critical | Arbitrary code execution |
| CVE-2021-35985, CVE-2021-35984 | Important | Application denial-of-service |
| CVE-2021-28636 | Critical | Arbitrary code execution |
| CVE-2021-28634 | Critical | Arbitrary code execution |
| CVE-2021-35983, CVE-2021-35981, CVE-2021-28635 | Critical | Arbitrary code execution |

The affected versions include:

  • Acrobat DC Continuous - 2021.005.20054 and earlier versions
  • Acrobat Reader DC Continuous - 2021.005.20054 and earlier versions
  • Acrobat 2017 Classic 2017 - 2017.011.30197 and earlier versions
  • Acrobat Reader 2017 Classic 2017 - 2017.011.30197 and earlier versions
  • Acrobat 2020 Classic 2020 - 2020.004.30005 and earlier versions
  • Acrobat Reader 2020 Classic 2020 - 2020.004.30005 and earlier versions

To patch these vulnerabilities, initiate a sync between the Vulnerability Manager Plus server and the Central Patch repository. Then search for the following Patch IDs or Bulletin IDs and install them on your target systems.

| Patch ID | Bulletin ID | Description |
|---|---|---|
| 320494 | TU-753 | Adobe Acrobat 2017 Pro and Standard (Acrobat 2017 Track) update - All languages (17.011.30199) (APSB21-51) |
| 320495 | TU-1222 | Adobe Acrobat 2020 (Classic Track) (20.004.30006) (APSB21-51) |
| 320496 | TU-137 | Adobe Acrobat DC Pro and Standard (Continuous Track) update - All languages (21.005.20058) (APSB21-51) |
| 320497 | TU-754 | Adobe Acrobat Reader 2017 MUI (Classic Track) (17.011.30199) (APSB21-51) |
| 320498 | TU-1178 | Adobe Acrobat Reader 2020 MUI (Classic Track) (20.004.30006) (APSB21-51) |
| 320499 | TU-072 | Adobe Acrobat Reader DC (21.005.20058) (APSB21-51) |
| 320500 | TU-073 | Adobe Acrobat Reader DC MUI (21.005.20058) (APSB21-51) |

Cheers,

The ManageEngine Team