Search Information Security site

 

Main menu

Adobe Zero-Day flaw CVE-2021-28550

Date: 
Wednesday, May 12, 2021 - 13:30

 

On Tuesday, May 11, 2021, Adobe announced multiple vulnerabilities in many Adobe products, including Acrobat and Acrobat reader for Windows and Macintosh computers

The disclosed vulnerabilities, including the flaw CVE-2021-21550, could allow for arbitrary code execution.  Adobe says the zero-day vulnerability (CVE-2021-28550) “has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows.”  There are currently no reports of these vulnerabilities being exploited in the "wild" at the time this was posted.   

Adobe released a patch of 43 fixes for 12 of its products and recommends this patch be applied immediately.   

One can update their product installations manually when the product is running by choosing Help > Check for Updates.     
In addition, the products will update automatically, without requiring user intervention, when updates are detected.      

The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.     

(References: https://helpx.adobe.com/security.htmlhttps://helpx.adobe.com/security/products/acrobat/apsb21-29.html and https://www.securityweek.com/adobe-windows-users-hit-pdf-reader-zero-day).

 

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.

Complete Report Form