High Threat Security Alert (A21-02-06): Multiple Vulnerabilities in Adobe Reader/Acrobat


 

Published on: 10 February 2021

  
  

Description:

Security updates are released for Adobe Reader and Acrobat to address multiple vulnerabilities. A remote attacker would entice a targeted user to open a specially crafted PDF file to exploit the vulnerabilities.

Reports indicated that the arbitrary code execution vulnerability (CVE-2021-21017) in Adobe Reader/Acrobat has been exploited in the wild for attacks targeting Windows users. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

Affected Systems:

  • Acrobat DC for Windows and macOS Continuous 2020.013.20074 and earlier versions
  • Acrobat Reader DC for Windows and macOS Continuous 2020.013.20074 and earlier versions
  • Acrobat 2020 for Windows and macOS Classic 2020.001.30018 and earlier versions
  • Acrobat Reader 2020 for Windows and macOS Classic 2020.001.30018 and earlier versions
  • Acrobat 2017 for Windows and macOS Classic 2017 2017.011.30188  and earlier versions
  • Acrobat Reader 2017 for Windows and macOS Classic 2017 2017.011.30188 and earlier versions

Impact:

A successful exploitation could lead to arbitrary code execution, denial-of-service, privilege escalation and information disclosure on an affected system.

Recommendation:

Users of affected systems should update the Adobe Reader and Acrobat to the following versions to address the issue. The updates can be obtained by using the auto-update mechanism or by downloading at the following URLs:

  • Acrobat DC for Windows and macOS Continuous 2021.001.20135
    https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/index.html#continuous-track
  • Acrobat Reader DC for Windows and macOS Continuous 2021.001.20135
    https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/index.html#continuous-track
  • Acrobat 2020 for Windows and macOS Classic 2020 2020.001.30020
    https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/index.html#classic-track
  • Acrobat Reader 2020 for Windows and macOS Classic 2020 2020.001.30020
    https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/index.html#classic-track
  • Acrobat 2017 for Windows and macOS Classic 2017 2017.011.30190
    https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/index.html#id3
  • Acrobat Reader 2017 for Windows and macOS Classic 2017 2017.011.30190
    https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/index.html#id3

More Information:

  • https://helpx.adobe.com/security/products/acrobat/apsb21-09.html
  • https://www.hkcert.org/security-bulletin/adobe-monthly-security-update-feb-2021-_20210210
  • https://us-cert.cisa.gov/ncas/current-activity/2021/02/09/adobe-releases-security-updates
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21017
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21021
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21028
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21033 (to CVE-2021-21042)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21044 (to CVE-2021-21046)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21057 (to CVE-2021-21063)


Tag: Adobe , Acrobat , Acrobat Reader , Adobe Reader
Tags