Hello everyone,
In this month's security release, Adobe has fixed several critical and important security vulnerabilities in Reader and Acrobat for Windows and macOS. If these vulnerabilities are exploited, they could cause arbitrary code execution in the context of the current user.
Two of the most serious vulnerabilities are use-after-free flaws tracked as CVE-2021-28641 and CVE-2021-28639, which when exploited allows threat actors to execute code arbitrarily on targeted systems or just create application crashes.
CVE-ID | Severity | Impact |
CVE-2021-35988 CVE-2021-35987 | Important | Privilege escalation |
CVE-2021-35980 CVE-2021-28644 | Critical | Arbitrary file system read |
CVE-2021-28640 | Critical | Arbitrary code execution |
CVE-2021-28643 | Critical | Arbitrary code execution |
CVE-2021-28641 CVE-2021-28639 | Critical | Arbitrary code execution |
CVE-2021-28642 | Critical | Arbitrary file system write |
CVE-2021-28637 | Critical | Memory leak |
CVE-2021-35986 | Important | Arbitrary file system read |
CVE-2021-28638 | Critical | Arbitrary code execution |
CVE-2021-35985 CVE-2021-35984 | Important | Application denial-of-service |
CVE-2021-28636 | Critical | Arbitrary code execution |
CVE-2021-28634 | Critical | Arbitrary code execution |
CVE-2021-35983 CVE-2021-35981 CVE-2021-28635 | Critical | Arbitrary code execution |
The affected versions include:
Acrobat DC Continuous - 2021.005.20054 and earlier versions
Acrobat Reader DC Continuous - 2021.005.20054 and earlier versions
Acrobat 2017 Classic 2017 - 2017.011.30197 and earlier versions
Acrobat Reader 2017 Classic 2017 - 2017.011.30197 and earlier versions
Acrobat 2020 Classic 2020 - 2020.004.30005 and earlier versions
Acrobat Reader 2020 Classic 2020 - 2020.004.30005 and earlier versions
To patch these vulnerabilities, initiate a sync between the Vulnerability Manager Plus server and the Central Patch repository. Search for the following Patch IDs or Bulletin IDs and install them in your target systems.
Patch ID | Bulletin ID | Description |
320494 | TU-753 | Adobe Acrobat 2017 Pro and Standard (Acrobat 2017 Track) update - All languages (17.011.30199) (APSB21-51) |
320495 | TU-1222 | Adobe Acrobat 2020 (Classic Track) (20.004.30006) (APSB21-51) |
320496 | TU-137 | Adobe Acrobat DC Pro and Standard (Continuous Track) update - All languages (21.005.20058) (APSB21-51) |
320497 | TU-754 | Adobe Acrobat Reader 2017 MUI (Classic Track) (17.011.30199) (APSB21-51) |
320498 | TU-1178 | Adobe Acrobat Reader 2020 MUI (Classic Track) (20.004.30006) (APSB21-51) |
320499 | TU-072 | Adobe Acrobat Reader DC (21.005.20058) (APSB21-51) |
320500 | TU-073 | Adobe Acrobat Reader DC MUI (21.005.20058) (APSB21-51) |
Cheers,
The ManageEngine Team