Security News > 2021 > May > Adobe fixes Reader zero-day vulnerability exploited in the wild
Adobe has released a massive Patch Tuesday security update release that fixes vulnerabilities in twelve different applications, including one actively exploited vulnerability Adobe Reader.
Of particular concern, Adobe warns that one of the Adobe Acrobat and Reader vulnerabilities tracked as CVE-2021-28550 has been exploited in the wild in limited attacks against Adobe Reader on Windows devices.
In total, there were 43 vulnerabilities fixed, not including dependencies in Adobe Experience Manager.
Out of all the Adobe security updates released today, Adobe Acrobat & Reader had the most fixes, with 14 vulnerabilities.
Adobe advises customers using vulnerable products to update to the latest versions as soon as possible to fix bugs that could lead to successful exploitation of unpatched installations.
This guidance is critical today, considering that the Adobe Acrobat & Reader CVE-2021-28550 vulnerability is known to be used in active attacks.
News URL
Related news
- Versa fixes Director zero-day vulnerability exploited in attacks (source)
- Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs (source)
- Adobe fixes Acrobat Reader zero-day with public PoC exploit (source)
- Adobe fixed Acrobat bug, neglected to mention whole zero-day exploit thing (source)
- Windows vulnerability abused braille “spaces” in zero-day attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-02 | CVE-2021-28550 | Use After Free vulnerability in Adobe products Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. | 8.8 |