Adobe patches critical vulnerabilities in Reader, Acrobat, and Illustrator

July 13, 2021  By Pierluigi Paganini


Adobe addressed multiple critical vulnerabilities in several products, including Adobe Acrobat and Reader application.

Adobe addressed multiple critical remote code execution and privilege escalation vulnerabilities in multiple products running on both Windows and macOS systems.

The flaws fixed by Adobe affect Acrobat and Reader, Illustrator, Framemaker, Dimension and Bridge products. Below the list of advisories released by the software giant that address 29 vulnerabilities (CVEs):

Acrobat

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. The updates address a total of 19 critical and important vulnerabilities. An attacker could exploit the flaw to execute arbitrary code in the context of the current user.

“The update for Dimension also could allow code execution. For Illustrator, three bugs are being fixed. The two that allow for code execution occur in during the processing of PDF and JPEG2000 files. These issues result from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. Similar Out-Of-Bounds (OOB) Write bugs exist in the five fixes for Bridge. Again, code execution would occur at the level of the logged-on user. The single CVE fixed by the Framemaker patch corrects an OOB Write that exists within the parsing of TrueType fonts embedded in PDF files.” reads the post published by the Zero Day Initiative (ZDI).

Adobe Product Security Incident Response Team (PSIRT) confirmed that it was not aware of any public exploits targeting any of the security vulnerabilities addressed with the latest security updates.

“None of the bugs fixed this month by Adobe are listed as publicly known or under active attack at the time of release.” states ZDI.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Adobe Acrobat)

[adrotate banner=”5″]

[adrotate banner=”13″]



Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.





You might also like





  • Digging the Deep Web: Exploring the dark side of the web

    Digging The Deep Web

  • Center for Cyber Security and International Relations Studies

  • Subscribe Security Affairs Newsletter

    newsletter

  • SecurityAffairs awarded as Best European Cybersecurity Tech Blog at European Cybersecurity Blogger Awards

    EU Sec Bloggers Awards 22


More Story

ModiPwn flaw in Modicon PLCs bypasses security mechanisms

 ModiPwn flaw (CVE-2021-22779) in some of Schneider Electric’s Modicon PLCs can allow attackers to bypass authentication...