14 DAY TRIAL // Adobe has released an extensive Patch on Tuesday that contains security updates for 12 different apps. One of these apps, Adobe Reader, is currently being actively exploited.
Adobe Experience Manager, Adobe InDesign, Adobe InCopy, Adobe Genuine Service, Adobe Illustrator, Adobe Acrobat and Reader, Magento, Adobe Creative Cloud Desktop Application, Adobe Media Encoder, Adobe After Effects, Adobe Medium, and Adobe Animate are among the applications that have been updated.
One of the Adobe Acrobat and Reader vulnerabilities, CVE-2021-28550, has been exploited in the wild in limited attacks against Adobe Reader on Windows devices, according to Adobe.
CVE-2021-28550 is a remote code execution vulnerability in Windows that allows attackers to run almost any command, including malware installation and computer takeover.
Adobe Acrobat and Reader were patched for ten critical and four important flaws, followed by Adobe Illustrator for five critical flaws (CVE-2021-21101-CVE-2021-21105). The latter could lead to arbitrary code execution in the context of the current user. Three vulnerabilities were reported by Kushal Arvind Shah of Fortinet's FortiGuard Labs.
There were 43 vulnerabilities fixed in total, not including Adobe Experience Manager dependencies.
Out of all the Adobe security updates released today, Adobe Acrobat & Reader had the most vulnerabilities, with 14 fixes.
It is recommended to install updates ASAP
If you are using Adobe product, then you should update as soon as possible, as otherwise the bugs could represent a potential entry-gate to you workmachine.
Given that the Adobe Acrobat & Reader CVE-2021-28550 vulnerability is known to be used in active attacks, the sooner the updates are installed, the better.
In most cases, you can update the software using the product's auto-update features. Simply access the Go to Help section and Check for Updates. Alternatively, you can check for updates via Adobe Creative Cloud.
The full update installers can be downloaded from Adobe's Download Center.
Generally speaking, the products update automatically when patches are detected, without any user intervention. Then again, if the new update is not available via auto update, you can find the latest download links in the security bulletins.