High Threat Security Alert (A21-02-06): Multiple Vulnerabilities in Adobe Reader/Acrobat

Description:

Security updates are released for Adobe Reader and Acrobat to address multiple vulnerabilities. A remote attacker would entice a targeted user to open a specially crafted PDF file to exploit the vulnerabilities.

Reports indicated that the arbitrary code execution vulnerability (CVE-2021-21017) in Adobe Reader/Acrobat has been exploited in the wild for attacks targeting Windows users. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

Affected Systems:

• Acrobat DC for Windows and macOS Continuous 2020.013.20074 and earlier versions
• Acrobat Reader DC for Windows and macOS Continuous 2020.013.20074 and earlier versions
• Acrobat 2020 for Windows and macOS Classic 2020.001.30018 and earlier versions
• Acrobat Reader 2020 for Windows and macOS Classic 2020.001.30018 and earlier versions
• Acrobat 2017 for Windows and macOS Classic 2017 2017.011.30188  and earlier versions
• Acrobat Reader 2017 for Windows and macOS Classic 2017 2017.011.30188 and earlier versions

Impact:

A successful exploitation could lead to arbitrary code execution, denial-of-service, privilege escalation and information disclosure on an affected system.

Recommendation:

Users of affected systems should update the Adobe Reader and Acrobat to the following versions to address the issue. The updates can be obtained by using the auto-update mechanism or by downloading at the following URLs:

• Acrobat DC for Windows and macOS Continuous 2021.001.20135
  This link will open in a new windowhttps://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/index.html#continuous-track
• Acrobat Reader DC for Windows and macOS Continuous 2021.001.20135
  This link will open in a new windowhttps://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/index.html#continuous-track
• Acrobat 2020 for Windows and macOS Classic 2020 2020.001.30020
  This link will open in a new windowhttps://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/index.html#classic-track
• Acrobat Reader 2020 for Windows and macOS Classic 2020 2020.001.30020
  This link will open in a new windowhttps://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/index.html#classic-track
• Acrobat 2017 for Windows and macOS Classic 2017 2017.011.30190
  This link will open in a new windowhttps://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/index.html#id3
• Acrobat Reader 2017 for Windows and macOS Classic 2017 2017.011.30190
  This link will open in a new windowhttps://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/index.html#id3

More Information:

• This link will open in a new windowhttps://helpx.adobe.com/security/products/acrobat/apsb21-09.html
• This link will open in a new windowhttps://www.hkcert.org/security-bulletin/adobe-monthly-security-update-feb-2021-_20210210
• This link will open in a new windowhttps://us-cert.cisa.gov/ncas/current-activity/2021/02/09/adobe-releases-security-updates
• This link will open in a new windowhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21017
• This link will open in a new windowhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21021
• This link will open in a new windowhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21028
• This link will open in a new windowhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21033 (to CVE-2021-21042)
• This link will open in a new windowhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21044 (to CVE-2021-21046)
• This link will open in a new windowhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21057 (to CVE-2021-21063)