Security News > 2021 > May > Alert: Hackers Exploit Adobe Reader 0-Day Vulnerability in the Wild

Adobe has released Patch Tuesday updates for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that's actively exploited in the wild.

In a security bulletin, the company acknowledged it received reports that the flaw "Has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows." Tracked as CVE-2021-28550, the zero-day concerns an arbitrary code execution flaw that could allow adversaries to execute virtually any command on target systems.

While the targeted attacks took aim at Windows users of Adobe Reader, the issue affects both Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017, and Acrobat Reader 2017.

An anonymous researcher has been credited with reporting the vulnerability.

10 critical and four important vulnerabilities were addressed in Adobe Acrobat and Reader, followed by remediation for five critical flaws in Adobe Illustrator that could lead to arbitrary code execution in the context of the current user.

Adobe credited Kushal Arvind Shah of Fortinet's FortiGuard Labs with reporting three of the five vulnerabilities.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/h9imKYsbJ_o/alert-hackers-exploit-adobe-reader-0.html