Adobe fixes critical Reader vulnerability exploited in the wild

[mood]

Adobe fixes critical Reader vulnerability exploited in the wild

 

 

Adobe has released security updates that address an actively exploited vulnerability in Adobe Reader and other critical bugs in Adobe Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver.

 

In total, the company addressed fifty security vulnerabilities affecting seven products, with many of them rated as critical as they local arbitrary code execution.

 

The Adobe Reader bug known to be actively exploited in the wild is tracked as CVE-2021-21017. This vulnerability is a buffer overflow bug that would allow a malicious website to perform remote code execution on the vulnerable computer.

 

Code execution bugs are the most serious as they could allow attackers to execute almost any command on a device, including installing f to install malware or take over the device.

 

In addition to the actively exploited Reader vulnerability, Adobe also fixed other critical vulnerabilities in their products, including:

• 18 Magento vulnerabilities
• 23 Acrobat and Reader vulnerabilities.
• 5 Photoshop vulnerabilities
• 1 Adobe Animate vulnerability
• 2 Adobe Illustrator vulnerabilities
• 1 Adobe Dreamweaver vulnerability

Adobe advises customers using vulnerable products to update to the latest versions as soon as possible to block attacks that could lead to successful exploitation of unpatched installations.

 

In most cases, users can update their software by using the auto-update feature of the product using the following steps:

• By going to Help > Check for Updates.
• The full update installers can be downloaded from Adobe's Download Center.
• Let the products update automatically, without requiring user intervention, when updates are detected.

 

Other products, like Magento, may require a user to install the security patch manually.

 

 

Source: Adobe fixes critical Reader vulnerability exploited in the wild