Adobe fix Acrobat Reader zero-day CVE-2021-28550 vulnerability that have been exploited in the wild
The second Tuesday of every month is the day when Microsoft releases routine updates. Adobe now also releases updates along with Microsoft. Adobe also launched new security updates according to the release process.
The key product of this security update is Adobe Acrobat Reader. This PDF reader was found by researchers to have a security vulnerability, and this vulnerability has been exploited by hackers in the wild before it was discovered by researchers or Adobe. Considering that the Adobe PDF editor has a wide range of users, it is quite dangerous to appear such security vulnerabilities, especially those that have been exploited.
Therefore, Adobe immediately urged all users to upgrade to the latest version of Adobe Acrobat Reader to block the vulnerability after issuing the security bulletin. The vulnerability is CVE-2021-28550. Adobe did not disclose the details of the vulnerability but said that if hackers successfully exploit this vulnerability, Arbitrary code can be executed in the existing user environment, and that’s why this vulnerability is classified as a major security vulnerability.
The affected products include Adobe Acrobat DC, Adobe Acrobat Reader DC, Adobe Acrobat 2020, Adobe Acrobat Reader 2020, Adobe Acrobat 2017, and Adobe Acrobat Reader 2017. Theoretically speaking, as long as an attacker especially makes a PDF document and then publishes it on the Internet or induces users to open it through an email, the vulnerability can be exploited.
In the description, Adobe also admitted that this vulnerability was indeed exploited before it was fixed, but for now, there are very few attackers using this vulnerability. Some hackers on the Internet use this vulnerability to launch targeted attacks on Windows users. Adobe urges users to upgrade as soon as possible and not to open documents of unknown origin.
In addition to this vulnerability, there are also some high-risk vulnerabilities, but none of these vulnerabilities have been exploited in the wild. From the security bulletin, we can see that Adobe Acrobat also repaired 42 security vulnerabilities, involving both Windows and macOS versions of Adobe Acrobat products. If you cannot upgrade for various reasons, remember not to open any PDF documents of unknown origin, especially those downloaded from the Internet.