Security updates released for Adobe Reader zero-day arbitrary code execution vulnerability

Adobe is warning customers of a critical zero-day bug that is being actively exploited in the wild and affects its Adobe Acrobat PDF reader software.

The bug, tracked as CVE-2021-28550, affects eight versions of Adobe software (full list below); the vulnerabilities involved include arbitrary code execution, memory leaks and exposure of private information.

Tuesday’s security patch release addressed 10 critical and four important vulnerabilities in Adobe Reader and Acrobat, in addition to five critical flaws in Adobe Illustrator. The specific technical details of the bug were not available to Adobe software users until after the 43 patch fixes were downloaded, which meant that, before manual user installation, the zero-day bug allowed hackers to execute virtually any command on targeted systems.

Users can download these new security fixes by initiating the auto-update feature of Acrobat and Reader via Help > Check for Updates, and installing via the Adobe Download Centre. This removes the need for users to install security updates manually and allows Adobe products to update automatically when patch releases are detected.

List of affected Adobe software versions:

– Acrobat DC, 2021.001.20150 and earlier versions – Windows

– Acrobat Reader DC, 2021.001.20150 and earlier versions – Windows

– Acrobat DC, 2021.001.20149 and earlier versions – macOS

– Acrobat Reader DC, 2021.001.20149 and earlier versions – macOS

– Acrobat 2020, 2020.001.30020 and earlier versions – Windows & macOS

– Acrobat Reader 2020, 2020.001.30020 and earlier versions – Windows & macOS

– Acrobat 2017, 2017.011.30194 and earlier versions – Windows & macOS

– Acrobat Reader 2017, 2017.011.30194 and earlier versions – Windows & macOS
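
For triaging a software inventory against the list above, the following is an added example and not code from Adobe or the original article. It assumes a simple CSV export (host, OS, product, version), constructed sample rows, and that some inventory sources report a two-digit year; the article gives no fixed build numbers, so newer builds are only reported as outside the listed range.

```python
import csv
import io

# Last affected build per (product, OS), copied from the list above.
LAST_AFFECTED = {}
for _p in ("Acrobat DC", "Acrobat Reader DC"):
    LAST_AFFECTED[(_p, "windows")] = "2021.001.20150"
    LAST_AFFECTED[(_p, "macos")] = "2021.001.20149"
for _p, _v in (("Acrobat 2020", "2020.001.30020"),
               ("Acrobat Reader 2020", "2020.001.30020"),
               ("Acrobat 2017", "2017.011.30194"),
               ("Acrobat Reader 2017", "2017.011.30194")):
    for _os in ("windows", "macos"):
        LAST_AFFECTED[(_p, _os)] = _v

def parse_version(text):
    """Return (year, major, build) as ints so builds compare numerically."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {text!r}")
    year, major, build = (int(p) for p in parts)
    if year < 100:  # assumption: two-digit year form, e.g. 21.001.20150
        year += 2000
    return (year, major, build)

def classify(product, os_name, version):
    """Compare one install against the threshold for its own track and OS."""
    limit = LAST_AFFECTED.get((product, os_name.lower()))
    if limit is None:
        return "not-in-list"
    try:
        installed = parse_version(version)
    except ValueError:
        return "check-manually"
    return "affected" if installed <= parse_version(limit) else "newer-than-listed"

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = """\
ws-001,windows,Acrobat Reader DC,2021.001.20150
ws-002,windows,Acrobat Reader DC,21.005.20048
mac-003,macos,Acrobat DC,2021.001.20150
ws-004,windows,Acrobat 2020,20.001.30020
ws-005,windows,Acrobat Reader 2017,2017.011.unknown
ws-006,windows,Some Other Viewer,11.0.0
"""

def triage(inventory_csv):
    rows = csv.reader(io.StringIO(inventory_csv))
    return {host: classify(product, os_name, version)
            for host, os_name, product, version in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(host, status)
```

Hosts marked "check-manually" or "newer-than-listed" still need confirming against Adobe's bulletin, since the list above only states the last affected builds.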


Adobe Lightroom Users Suffer Data Loss

Many Adobe Lightroom users on iOS have suffered a crippling data loss after a faulty routine update.

Users who updated to Adobe Lightroom Mobile 5.4.0 on iPhone or iPad had their photos and software presets deleted unexpectedly.

Adobe, which develops a large suite of creative apps for the media and design sectors, has apologised and issued an update for the fault, but made clear that the lost data is irretrievable for those without backups.

The software company’s statement clarifies that only a subset of Lightroom users has been affected – specifically those:

  • Using Lightroom Mobile 5.4.0 on an iOS device (iPhone/iPad)
  • Without an Adobe Cloud Subscription, or with cloud sync disabled
  • Without a separate device or cloud backup (such as iCloud) in operation, independent of Lightroom itself.

This includes many free version users who would have trialled Lightroom without a full Adobe Creative Cloud subscription.

Hundreds of unlucky users took to Adobe’s Support Forums, social media and Reddit to complain that years of photos had been lost as part of the routine update. Others flagged that, after restoring from local device backups, the restored data was deleted once the app was re-opened.

As noted by The Register, Adobe’s problem is especially acute given Lightroom’s specialist popularity among professional photographers, and others who have significant time or money invested in valued images.

Users are advised to update to 5.4.1 to avoid the issue, although this will not restore lost photos. As always: please, please, please maintain an independent backup of all data you can’t afford to lose.

 



Adobe asks users to uninstall Flash

Creative-software house Adobe is urging users to uninstall Adobe Flash, before the software reaches End-Of-Life (EOL) in December 2020.

System administrators can find details on the end of Flash support here.

Flash is being retired for cybersecurity reasons: the same technology which can easily load web-based games or other client-side content is especially vulnerable to exploitation by hackers to run malicious scripts on a user’s device.

Adobe state in an update on their website that all security updates, and the availability of all version downloads, will cease from this date.

Flash-based content will also cease working – leading technical experts to suggest Adobe have recently programmed a ‘time-bomb’ into the code of Flash Player to render it useless after the supported date. This should help prevent users seeking out third-party versions, and represents one of the strictest policies towards end-of-life enacted by a major software developer.

Fewer and fewer websites still use Flash (possibly as low as 2.6%) since the original announcement in July 2017 that the technology would be retired. This follows major browser developers, including Google, Microsoft, Apple & Mozilla, urging developers to transition to HTML5 and JavaScript alternatives that are more integrated into the browser itself.



Adobe discount slashes pricing for education sector

Adobe has announced a large discount for its Creative Cloud suite of apps, in a special Adobe discount scheme designed to win over the education sector.

The leading creative software package will now cost only $5 per user/month in the US, or around £4 in the UK – a large discount on the original $25/£18 per user/month price – although this Adobe discount price will currently only be available to academic institutions purchasing a minimum of 500 licenses.

Many of the big names in software, including Microsoft’s Office 365, Google’s G Suite and other popular products such as ESET’s antivirus range, have been offered with significant discounts for the education sector through partner resellers, in the hope of capturing the next generation of technology users early, and contributing to wider learning.

In each case, the gesture is undoubtedly a worthy public relations boost, with Adobe also pledging to support workshop schemes to show educators how to teach with Adobe’s suite of creative apps in the classroom.

In both cases early access is especially important for Adobe Creative Cloud, which includes Photoshop, Lightroom, InDesign and many other leading creative apps, because of the very high barrier to entry, both creatively and by cost – despite the software brand being simply unrivalled across the creative sector.

Adobe clearly hopes the dramatically reduced Adobe discount pricing will whet the appetite of larger organisations, and introduce high-quality design apps to a much wider audience at an earlier age.