May 2021 Patch Tuesday has seen Adobe issue 43 updates to fix vulnerabilities in 12 different products, including a patch to fix a vulnerability in the Adobe Acrobat and Adobe Reader that is currently being exploited in the wild.
The actively exploited zero-day vulnerability is tracked as CVE-2021-28550 and has been exploited in attacks on Windows devices. The flaw also affects macOS devices, but they are not currently believed to have been targeted. The remote code execution vulnerability allows an attacker to execute almost any command on a vulnerable device, which could allow the attacker to take full control of the device.
The vulnerability is present in the following product versions.
- Windows Acrobat DC & Reader DC (versions 2021.001.20150 and earlier)
- macOS Acrobat DC & Reader DC (versions 2021.001.20149 and earlier)
- Windows & macOS Acrobat 2020 & Acrobat Reader 2020 (2020.001.30020 and earlier versions)
- Windows & macOS Acrobat 2017 & Acrobat Reader 2017 (2017.011.30194 and earlier versions)
In addition to the zero-day, a further 9 critical and 4 important vulnerabilities have been patched in Adobe Acrobat and Reader. 7 of the critical flaws could be exploited to allow arbitrary execution of code.
5 critical code execution vulnerabilities have been patched in Adobe illustrator, 3 critical code execution flaws have been patched in Adobe InDesign, and 2 in Adobe Animate, along with 5 vulnerabilities rated important.
Patches have also been issued to correct critical flaws in Adobe Experience Manager, Adobe InCopy, Adobe Creative Cloud Desktop Application, and Adobe Medium, while Adobe Genuine Service and Magento have had important and moderate severity flaws fixed.
Users of the vulnerable products have been advised to update them to the latest version of the software as soon as possible to prevent exploitation of the vulnerabilities, especially users of Adobe Reader and Adobe Acrobat.
If the updates are not applied automatically, they can be applied manually via Help > Check for Updates, with the product update installers available from Adobe’s Download Center.