
====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN311
_____________________________________________________________________

DATE                : 09/06/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Adobe Acrobat, Adobe Reader
                     versions prior to 2021.005.20148, 2020.004.30005,
                     2017.011.30197.

=====================================================================
https://helpx.adobe.com/security/products/acrobat/apsb21-37.html
_____________________________________________________________________

Security update available for Adobe Acrobat and Reader | APSB21-37

Bulletin ID          Date Published        Priority
APSB21-37            June 08, 2021         2


Summary

Adobe has released security updates for Adobe Acrobat and Reader for
Windows and macOS. These updates address multiple critical
vulnerabilities. Successful exploitation could lead to arbitrary code
execution in the context of the current user.


Affected Versions

Product              Track         Affected Versions                    Platform

Acrobat DC           Continuous    2021.001.20155 and earlier versions  Windows and macOS
Acrobat Reader DC    Continuous    2021.001.20155 and earlier versions  Windows and macOS
Acrobat 2020         Classic 2020  2020.001.30025 and earlier versions  Windows & macOS
Acrobat Reader 2020  Classic 2020  2020.001.30025 and earlier versions  Windows & macOS
Acrobat 2017         Classic 2017  2017.011.30196 and earlier versions  Windows & macOS
Acrobat Reader 2017  Classic 2017  2017.011.30196 and earlier versions  Windows & macOS



Solution

Adobe recommends users update their software installations to the latest
versions by following the instructions below.    

The latest product versions are available to end users via one of the
following methods:    

    Users can update their product installations manually by choosing
    Help > Check for Updates.

    The products will update automatically, without requiring user
    intervention, when updates are detected.

    The full Acrobat Reader installer can be downloaded from the Acrobat
    Reader Download Center.


For IT administrators (managed environments):     

    Refer to the specific release note version for links to
    installers.

    Install updates via your preferred methodology, such as AIP-GPO,
    bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop
    and SSH.

   

Adobe categorizes these updates with the following priority ratings and
recommends users update their installation to the newest version:    

Product              Track         Updated Versions  Platform           Priority Rating  Availability

Acrobat DC           Continuous    2021.005.20148    Windows and macOS  2                Release Notes
Acrobat Reader DC    Continuous    2021.005.20148    Windows and macOS  2                Release Notes
Acrobat 2020         Classic 2020  2020.004.30005    Windows and macOS  2                Release Notes
Acrobat Reader 2020  Classic 2020  2020.004.30005    Windows and macOS  2                Release Notes
Acrobat 2017         Classic 2017  2017.011.30197    Windows and macOS  2                Release Notes
Acrobat Reader 2017  Classic 2017  2017.011.30197    Windows and macOS  2                Release Notes
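
One way to triage an inventory export against the Updated Versions listed above, as an added example that is not part of the Adobe bulletin or of this note. The inventory rows and host names are constructed, the track is assumed to be recorded in the inventory, and the two-digit year form is an assumption about how some tools report the version.

```python
# First fixed build per track, taken from the "Updated Versions" column above.
FIXED = {
    "Continuous": (2021, 5, 20148),
    "Classic 2020": (2020, 4, 30005),
    "Classic 2017": (2017, 11, 30197),
}

def parse_version(text):
    """Turn 'YYYY.MMM.BBBBB' into a comparable tuple of ints."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {text!r}")
    year, minor, build = (int(p) for p in parts)
    if year < 100:
        # Assumption: some inventory sources report a two-digit year
        # (21.005.20148); normalise it so the comparison stays valid.
        year += 2000
    return (year, minor, build)

def triage(track, version):
    """Return 'patched', 'vulnerable', 'unknown-track' or 'unparseable'."""
    # The track must come from the inventory: the year prefix alone does not
    # identify it (a Continuous build can carry the same year as Classic 2020).
    fixed = FIXED.get(track)
    if fixed is None:
        return "unknown-track"
    try:
        installed = parse_version(version)
    except ValueError:
        return "unparseable"
    return "patched" if installed >= fixed else "vulnerable"

def needs_update(inventory):
    """Hosts whose install is vulnerable or could not be assessed."""
    return [(host, status) for host, track, version in inventory
            if (status := triage(track, version)) != "patched"]

# Constructed sample inventory: (host, track, reported version).
SAMPLE = [
    ("ws-01", "Continuous", "2021.005.20148"),
    ("ws-02", "Continuous", "21.001.20155"),
    ("ws-03", "Classic 2020", "2020.001.30025"),
    ("ws-04", "Classic 2017", "2017.011.30197"),
    ("ws-05", "not recorded", "2020.001.30025"),
    ("ws-06", "Continuous", "unknown"),
]

if __name__ == "__main__":
    print(needs_update(SAMPLE))
```

Rows that come back as unknown-track or unparseable are kept in the result on purpose, so that an install that cannot be assessed is reviewed rather than silently treated as patched.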



Vulnerability Details

Vulnerability Category        Vulnerability Impact      Severity  CVSS base score
    CVSS vector                                         CVE Number

Out-of-bounds Read (CWE-125)  Arbitrary code execution  Critical  7.8
    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H        CVE-2021-28554
                                                        CVE-2021-28551

Use After Free (CWE-416)      Arbitrary code execution  Critical  7.8
    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H        CVE-2021-28552
                                                        CVE-2021-28631
                                                        CVE-2021-28632


Acknowledgements

Adobe would like to thank the following for reporting the
relevant issues and for working with Adobe to help protect our
customers:

    Mark Vincent Yason (@MarkYason) working with Trend Micro Zero Day
    Initiative (CVE-2021-28554, CVE-2021-28631, CVE-2021-28632)

    Anonymous working with Trend Micro Zero Day Initiative
    (CVE-2021-28552)

    qiaoli01 (CVE-2021-28551)

For more information, visit https://helpx.adobe.com/security.html, or
email PSIRT@adobe.com.


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


