Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.
The disclosed vulnerabilities, including the flaw CVE-2021-21550, could allow for arbitrary code execution. Adobe says the zero-day vulnerability (CVE-2021-28550) “has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows.” There are currently no reports of these vulnerabilities being exploited in the "wild" at the time this was posted.
Adobe released a patch of 43 fixes for 12 of its products and recommends this patch be applied immediately.
One can update their product installations manually when the product is running by choosing Help > Check for Updates.
In addition, the products will update automatically, without requiring user intervention, when updates are detected.
The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.
(References: https://helpx.adobe.com/security.html, https://helpx.adobe.com/security/products/acrobat/apsb21-29.html and https://www.securityweek.com/adobe-windows-users-hit-pdf-reader-zero-day).
Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.