Lucene search

K
thn
The Hacker NewsTHN:8243BE07E124CAD984B8B4895550A7CC
HistoryMay 12, 2021 - 5:41 a.m.

Alert: Hackers Exploit Adobe Reader 0-Day Vulnerability in the Wild

2021-05-1205:41:00
The Hacker News
thehackernews.com
127

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

Adobe has released Patch Tuesday updates for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that’s actively exploited in the wild.

The list of updated applications includes Adobe Experience Manager, Adobe InDesign, Adobe Illustrator, Adobe InCopy, Adobe Genuine Service, Adobe Acrobat and Reader, Magento, Adobe Creative Cloud Desktop Application, Adobe Media Encoder, Adobe After Effects, Adobe Medium, and Adobe Animate.

In a security bulletin, the company acknowledged it received reports that the flaw “has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows.” Tracked as CVE-2021-28550, the zero-day concerns an arbitrary code execution flaw that could allow adversaries to execute virtually any command on target systems.

While the targeted attacks took aim at Windows users of Adobe Reader, the issue affects both Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017, and Acrobat Reader 2017. An anonymous researcher has been credited with reporting the vulnerability.

10 critical and four important vulnerabilities were addressed in Adobe Acrobat and Reader, followed by remediation for five critical flaws (CVE-2021-21101-CVE-2021-21105) in Adobe Illustrator that could lead to arbitrary code execution in the context of the current user. Adobe credited Kushal Arvind Shah of Fortinet’s FortiGuard Labs with reporting three of the five vulnerabilities.

In all, a total of 43 security weaknesses have been resolved in Tuesday’s update. Users are advised to update their software installations to the latest versions to mitigate the risk associated with the flaws.

Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.

Be first who know about 0-days in popular software

Do not waste time on finding information in tons of articles. Subscribe yourself and your colleagues on news and articles about products you need and you use!

Subscribe on news

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

Related for THN:8243BE07E124CAD984B8B4895550A7CC