

Adobe Fixes Zero-Day Vulnerabilities with Massive Patch

Adobe released a massive patch yesterday that fixes issues in twelve different applications, including one actively exploited vulnerability in Adobe Reader. The patched applications include Adobe Experience Manager, Adobe InDesign, Adobe Illustrator, Adobe InCopy, Adobe Genuine Service, Adobe Acrobat and Reader, Magento, Adobe Creative Cloud Desktop Application, Adobe Media Encoder, Adobe After Effects, Adobe Medium, and Adobe Animate. Of particular concern, Adobe warns that one of the Adobe Acrobat and Reader vulnerabilities, tracked as CVE-2021-28550, has been exploited in the wild in limited attacks against Adobe Reader on Windows devices. This flaw is a remote code execution vulnerability that could allow an attacker to execute commands in Windows, including running malware and possibly taking over the victim’s computer. In total, 43 vulnerabilities are fixed, not including dependencies in Adobe Experience Manager.

Analyst Notes

Anyone who uses Adobe products is strongly advised to download and apply this patch as soon as possible. This recommendation is extremely important because the vulnerability in Adobe Acrobat and Reader is actively being exploited. If the user hasn’t enabled auto-update on their Adobe products, which is the safest method, the following steps should be followed:
• Go to Help > Check for Updates.
• The full update installers can be downloaded from Adobe’s Download Center.
• Let the products update automatically, without requiring user intervention, when updates are detected.