Adobe has published a security update for a handful of its products after discovering serious vulnerabilities apparently being exploited in the wild.
Issuing a security bulletin, Adobe said the patch is designed for Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017, and Acrobat Reader 2017, on both Windows and macOS, ZDNet reported.
Adobe described the patched flaws, labeled as CVE-2021-28550, as “critical” and “important”, saying they were being exploited in the wild and, if successfully exploited, could lead to arbitrary code execution. In practice, this means an attacker could use the productivity programs to run various types of malicious code on the target machine.
Discussing the threat with ZDNet, senior cyber threat intel analyst at Digital Shadows, Sean Nikkel, said nation-states frequently use malicious PDF files in their cybercriminal activities mostly due to the ubiquity of Adobe products, both in private and public sectors.
Describing the Adobe suite as the “Microsoft of a lot of office productivity software”, he said that criminals often hide malware in fake financial documents, shipping labels or news articles, which often come in the PDF format.
Nikkel also said that criminals don’t shy away from creating a malicious website where they could host weaponized PDF files.
Remote working as a liability
Nikkel believes that the major increase in attacks spotted recently can be attributed to remote working. With many employees accessing corporate networks via home devices, cybercriminals have been hard at work trying to exploit them. In many cases they succeed, because remote workers are no longer under the protection of their corporate IT network and security experts.