Adobe Eliminates 0Day in Adobe Acrobat, Microsoft - 55 Vulnerabilities in Its Software

Adobe has warned customers about a critical 0Day vulnerability ( CVE-2021-28550 ), which cybercriminals are actively exploiting in real attacks. The issue affects the Adobe Acrobat PDF reader software and allows arbitrary code to be executed on the system.

CVE-2021-28550 affects eight software versions, including those running on Windows and MacOS systems: Windows Acrobat DC and Reader DC (versions 2021.001.20150 and later), MacOS Acrobat DC and Reader DC (versions 2021.001.20149 and older), Windows and macOS Acrobat 2020 and Acrobat Reader 2020 (versions 2020.001.30020 and later), Windows and macOS Acrobat 2017 and Acrobat Reader 2017 (versions 2017.011.30194 and later).

Adobe did not provide technical details for the zero-day vulnerability. The developers have released a patch that fixes this problem, as well as 43 other vulnerabilities in 12 products, including Adobe Creative Cloud, Illustrator, InDesign and Magento applications.

Microsoft has also addressed a number of critical vulnerabilities as part of Patch Tuesday. In total, the tech giant has eliminated 55 vulnerabilities. Information about three dangerous vulnerabilities was disclosed earlier, but so far there is no evidence of their exploitation in real attacks:

  • CVE-2021-31204 - Privilege escalation vulnerability in .NET and Visual Studio.
  • CVE-2021-31207 - A security feature bypass vulnerability in Microsoft Exchange Server.
  • CVE-2021-31200 is a remote code execution vulnerability in Microsoft's NNI (Neural Network Intelligence) toolbox.

Experts warned that attackers could analyze patches to generate PoC code to exploit vulnerabilities, especially in the case of Microsoft Exchange. Therefore, users are strongly encouraged to apply security updates as soon as possible.

Previous Post Next Post