Detected critical zero-day vulnerability on Adobe Reader

The list of products updated by Adobe security includes Adobe Experience Manager, Adobe InDesign, Adobe Illustrator, Adobe InCopy, Adobe Genuine Service, Adobe Acrobat and Reader, Magento, Adobe Creative Cloud Desktop Application, Adobe Media Encoder, Adobe After Effects, Adobe Medium and Adobe Animate.

According to Adobe, they have received reports that a number of attacks have been carried out by hackers targeting Adobe Reader users on Windows. These attacks exploit a zero-day vulnerability with code CVE-2021-28550. If the exploit is successful, the hacker can execute almost any command on the target's computer.

Although the hacker has only targeted Adobe Reader users on Windows, the vulnerability affects Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017, and Acrobat Reader 2017 for Windows and macOS. This critical zero-day vulnerability was discovered by an anonymous researcher and then reported to Adobe.

In this batch, Adobe has patched 10 critical vulnerabilities and 4 critical vulnerabilities in Adobe Acrobat and Reader, 5 critical vulnerabilities in Adobe Illustrator (from CVE-2021-21101 to CVE-2021-21105). Vulnerabilities in Illustrator also allow attackers to execute arbitrary code on the target computer.

In total, Adobe has resolved 43 security flaws in the just released update. Adobe recommends that users update the software listed above as soon as possible to avoid risks.