Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.
Adobe Zero-Day flaw CVE-2021-28550
Date
On Tuesday, May 11, 2021, Adobe announced multiple vulnerabilities in many Adobe products, including Acrobat and Acrobat reader for Windows and Macintosh computers
The disclosed vulnerabilities, including the flaw CVE-2021-21550, could allow for arbitrary code execution. Adobe says the zero-day vulnerability (CVE-2021-28550) “has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows.” There are currently no reports of these vulnerabilities being exploited in the "wild" at the time this was posted.
Adobe released a patch of 43 fixes for 12 of its products and recommends this patch be applied immediately.
One can update their product installations manually when the product is running by choosing Help > Check for Updates.
In addition, the products will update automatically, without requiring user intervention, when updates are detected.
The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.
(References: https://helpx.adobe.com/security.html, https://helpx.adobe.com/security/products/acrobat/apsb21-29.html and https://www.securityweek.com/adobe-windows-users-hit-pdf-reader-zero-day).