Security News > 2021 > May > Alert: Hackers Exploit Adobe Reader 0-Day Vulnerability in the Wild
Adobe has released Patch Tuesday updates for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that's actively exploited in the wild.
In a security bulletin, the company acknowledged it received reports that the flaw "Has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows." Tracked as CVE-2021-28550, the zero-day concerns an arbitrary code execution flaw that could allow adversaries to execute virtually any command on target systems.
While the targeted attacks took aim at Windows users of Adobe Reader, the issue affects both Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017, and Acrobat Reader 2017.
An anonymous researcher has been credited with reporting the vulnerability.
10 critical and four important vulnerabilities were addressed in Adobe Acrobat and Reader, followed by remediation for five critical flaws in Adobe Illustrator that could lead to arbitrary code execution in the context of the current user.
Adobe credited Kushal Arvind Shah of Fortinet's FortiGuard Labs with reporting three of the five vulnerabilities.
News URL
Related news
- Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign (source)
- Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes (source)
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)
- Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028) (source)
- ArcaneDoor hackers exploit Cisco zero-days to breach govt networks (source)
- State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage (source)
- Hackers exploit LiteSpeed Cache flaw to create WordPress admins (source)
- Helsinki suffers data breach after hackers exploit unpatched flaw (source)
- North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-02 | CVE-2021-28550 | Use After Free vulnerability in Adobe products Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. | 8.8 |