Adobe Releases Security Updates For Acrobat and Reader

Adobe has issued a security update for its Acrobat and Reader software to fix a vulnerability. The products include Acrobat Reader DC, Acrobat DC, Acrobat Reader 2020, Acrobat 2020, Acrobat Reader 2017, and Acrobat 2017 for both Windows and Mac.

The firm admitted that the flaw has been "exploited in the wild in limited attacks targeting Adobe Reader users on Windows," according to its security bulletin.


The flaw is tracked as CVE-2021-28550. It is a remote code execution flaw on Windows that could let attackers run almost any command, enabling actions such as malware installation and device takeover. Successful exploitation could lead to arbitrary code execution.


Code execution is a major threat, according to cybersecurity experts. Shawn Smith, nVisium's Director of Technology, estimates that manually verifying whether any instance of a program has been modified could take many hours.


Sean Nikkel, Digital Shadows’ Senior Intel Analyst of Cyber Threat, said that because of the widespread use of Adobe services in both public and private industries, malicious PDF files have been a hallmark of numerous cybercriminals for many years.

Nikkel also referred to Adobe as the "Microsoft with a lot of office productivity software."

He explained that in the past, attackers have sent phishing emails with PDF attachments to lure users into downloading and opening the files. Usually, the attachments are disguised as a critical file for inspection, such as a news report, financial document, or shipping mark.


"In some other instances, a would-be attacker could create a malicious website that is also hosting weaponized PDF files," he said.

"Generally, PDF documents, which frequently are opened either via browser or a reader such as Adobe Acrobat or Reader, can contain malicious JavaScript or allow some other system interaction that allows code execution or other vectors of attack to occur, sometimes without the user knowing."

According to Nikkel, some analysts are witnessing a significant rise in cyberattacks using harmful files. The spike is being attributed to extensive remote work during the pandemic over the past year.

Customers who use affected Adobe software should apply the update as early as possible. It resolves the vulnerabilities and helps prevent further exploitation by malware.

Given that the CVE-2021-28550 flaw in Adobe Acrobat and Reader is considered to be used in active attacks, the advised update is very important. Users can typically update the software through the product's auto-update function.
