Adobe releases updates (APSB21-55) to fix several critical vulnerabilities in Reader and Acrobat

Adobe releases updates (APSB21-55) to fix several critical vulnerabilities in Reader and Acrobat

Hello everyone,

 

In this month's security release, Adobe has fixed several critical, important, and moderate security vulnerabilities in Reader and Acrobat for Windows and macOS. If these vulnerabilities are exploited, they could cause arbitrary code execution in the context of the current user.

 

The details of the vulnerabilities fixed are as follows:

 CVE-ID Severity Impact
 CVE-2021-39841 Critical Arbitrary code execution
 CVE-2021-39863 Critical Arbitrary code execution
 CVE-2021-39857

 CVE-2021-39856

 CVE-2021-39855
 Moderate Arbitrary file system read
 CVE-2021-39844 Critical Memory leak
 CVE-2021-39861 Important Memory leak
 CVE-2021-39858 Moderate Arbitrary file system read
 CVE-2021-39843 Critical Memory leak
 CVE-2021-39846
 CVE-2021-39845
 Critical Arbitrary code execution
 CVE-2021-35982 Important Arbitrary code execution
 CVE-2021-39840

 CVE-2021-39842

 CVE-2021-39839

 CVE-2021-39838

 CVE-2021-39837

 CVE-2021-39836
 Critical Arbitrary code execution
 CVE-2021-39860 Important Memory leak
 CVE-2021-39852 Critical Application denial-of-service
 CVE-2021-39854

 CVE-2021-39853

 CVE-2021-39850

 CVE-2021-39849
 Important Application denial-of-service
 CVE-2021-39851 Important Application denial-of-service

 The affected versions include:
  • Acrobat DC Continuous - 2021.005.20060 and earlier versions      

  • Acrobat Reader DC Continuous - 2021.005.20060 and earlier versions          

  • Acrobat 2017 Classic 2017 - 2017.011.30199  and earlier versions   

  • Acrobat Reader 2017 Classic 2017 - 2017.011.30199  and earlier versions             

  • Acrobat 2020 Classic 2020  -  2020.004.30006 and earlier versions

  • Acrobat Reader 2020 Classic 2020 - 2020.004.30006 and earlier versions   


To patch these vulnerabilities, initiate a sync between the Vulnerability Manager Plus server and the Central Patch repository. Search for the following Patch IDs or Bulletin IDs and install them in your target systems.

 Patch ID Bulletin ID Description
 321390 TU-753 Adobe Acrobat 2017 Pro and Standard (Acrobat 2017 Track) update - All languages (17.011.30202) (APSB21-55)
 321391 TU-1222 Adobe Acrobat 2020 (Classic Track) (20.004.30015) (APSB21-55)
 321392 TU-137 Adobe Acrobat DC Pro and Standard (Continuous Track) update - All languages (21.007.20091) (APSB21-55)
 321393 TU-754 Adobe Acrobat Reader 2017 MUI (Classic Track) (17.011.30202) (APSB21-55)
 321394 TU-1178 Adobe Acrobat Reader 2020 MUI (Classic Track) (20.004.30015) (APSB21-55)
 321395 TU-072 Adobe Acrobat Reader DC (21.007.20091) (APSB21-55)
 321396 TU-073 Adobe Acrobat Reader DC MUI (21.007.20091) (APSB21-55)

Cheers,

The ManageEngine Team