Security updates released for Adobe Reader after vulnerability ‘exploited in the wild’ | ZDNet

Adobe has released a security update to address a vulnerability affecting both Windows and Mac versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017 and Acrobat Reader 2017.

In a security bulletin, the company acknowledged that it has received reports of the vulnerability being “exploited in the wild in limited attacks targeting Adobe Reader users on Windows.” 

The flaw, labeled CVE-2021-28550, could lead to arbitrary code execution if successfully exploited.

Cybersecurity experts, like nVisium director of infrastructure Shawn Smith, said code execution is a serious threat that can potentially cost hundreds of labor hours spent manually verifying that every instance of some software has been updated.

Sean Nikkel, senior cyber threat intel analyst at Digital Shadows, said the use of malicious PDF files has been a staple of various nation-state actors, as well as criminal actors, for years because of the ubiquity of Adobe products in use for the private and public sectors. 

He called Adobe the “Microsoft of a lot of office productivity software” and added that attackers historically have used phishing emails with PDF attachments to entice users to download and open files, generally under the pretense of it being a critical document for review, such as a financial document, news article, or a shipping label. 

“In some other instances, a would-be attacker could create a malicious website that is also hosting weaponized PDF files,” Nikkel said. 

“Generally, PDF documents, which frequently are opened either via browser or a reader such as Adobe Acrobat or Reader, can contain malicious JavaScript or allow some other system interaction that allows code execution or other vectors of attack to occur, sometimes without the user knowing.”

Nikkel explained that some researchers are reporting massive increases in attacks with weaponized documents and theorizing the increase resulted from widespread remote work over the past year. 
