reader Archives - Lineal IT Support

Security updates released for Adobe Reader zero-day vulnerability to arbitrary code execution

Posted on 12th May 2021 at 11:18 am.

Written by admin

Adobe is warning customers of a critical zero-day bug that is active in the wild affecting its Adobe Acrobat PDF reader software.

The bug, tracked as CVE-2021-28550, affects eight versions of Adobe software (full list below) and exploits vulnerabilities in the software including arbitrary code execution, memory leaks and exposure of private information.

10 critical and four important vulnerabilities were addressed in Adobe Reader and Acrobat in addition to five critical flaws in Adobe Illustrator that were resolved by Tuesday’s security patch release. The technical specific details of the bug were not available to Adobe software users until after the 43 patch fixes were downloaded which meant that before manual user installation, the zero-day bug allowed for hackers to execute virtually any command on targeted systems.

Users can download these new security fixes by initiating the auto update feature of Acrobat and Reader by going to Help –> Check for Updates and installing via the Adobe Download Centre. This will remove the user intervention necessity to manually install security updates and allows Adobe products to update automatically upon detection of patch releases.

List of affected Adobe software versions:

– Acrobat DC, 2021.001.20150  and earlier versions - Windows

– Acrobat Reader DC, 2021.001.20150  and earlier versions – Windows

– Acrobat DC, 2021.001.20149  and earlier versions - macOS

– Acrobat Reader DC, 2021.001.20149  and earlier versions – macOS

– Acrobat 2020, 2020.001.30020 and earlier versions – Windows & macOS

– Acrobat Reader 2020, 2020.001.30020 and earlier versions – Windows & macOS

– Acrobat 2017, 2017.011.30194  and earlier versions – Windows & macOS

– Acrobat Reader 2017, 2017.011.30194  and earlier versions – Windows & macOS

Zero-Day Patch Released for Adobe Reader DC

Posted on 13th February 2019 at 10:23 am.

Written by Jevon Whitby

Adobe have released an urgent update for Adobe Reader DC, patching newly discovered security vulnerabilities.

The highly popular PDF app, often pre-installed on Windows PCs, has been shown to contain a loophole that allows an attacker to remotely run Javascript code within an opened PDF to cause memory corruption.

Currently rated ‘Critical’ by Adobe’s Severity Rating System, the bug is believed to have originated from entirely legitimate functionality: Adobe Reader allows PDFs to contain embedded JavaScript to support interactions with the web.

Adobe have responded quickly – publishing the fix to Adobe Security Bulletin alongside patching for 42 other vulnerabilities as of Wednesday 12th February, including one which allowed PDF documents to access hashed passwords.

Adobe Reader is officially 25 years old this year, and although official figures are hard to source, is popularly believed to dominate more than 75% of the PDF software market.

Users can either auto-update their installation or prompt this manually by clicking ‘Help’ > ‘Check for Updates’ within the software itself.

For software and security expertise, contact Lineal today.