Security update available for Adobe Acrobat and Reader | APSB21-09
Adobe Reader XI (11.0.20) - Suomi is commonly installed in the C: Program Files Adobe Reader 11.0 Reader directory, however this location can differ a lot depending on the user's option while installing the program. Download adobe acrobat reader exe file for free. Office Tools downloads - Adobe Reader by Adobe Systems Incorporated and many more programs are available for instant and free download.
Bulletin ID | Date Published | Priority |
---|---|---|
APSB21-09 | February 09, 2021 | 1 |
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Adobe has received a report that CVE-2021-21017 has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows.
Product | Track | Affected Versions | Platform |
---|---|---|---|
Acrobat DC | Continuous | 2020.013.20074 and earlier versions | Windows & macOS |
Acrobat Reader DC | Continuous | 2020.013.20074 and earlier versions | Windows & macOS |
Acrobat 2020 | Classic 2020 | 2020.001.30018 and earlier versions | Windows & macOS |
Acrobat Reader 2020 | Classic 2020 | 2020.001.30018 and earlier versions | Windows & macOS |
Acrobat 2017 | Classic 2017 | 2017.011.30188 and earlier versions | Windows & macOS |
Acrobat Reader 2017 | Classic 2017 | 2017.011.30188 and earlier versions | Windows & macOS |
Adobe recommends users update their software installations to the latest versions by following the instructions below.
Adobe Reader Surface Pen
The latest product versions are available to end users via one of the following methods:
- Users can update their product installations manually by choosing Help > Check for Updates.
- The products will update automatically, without requiring user intervention, when updates are detected.
- The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.
For IT administrators (managed environments):
- Refer to the specific release note version for links to installers.
- Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and SSH.
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
Product | Track | Updated Versions | Platform | Priority Rating | Availability |
---|---|---|---|---|---|
Acrobat DC | Continuous | 2021.001.20135 | Windows and macOS | 1 | Release Notes |
Acrobat Reader DC | Continuous | 2021.001.20135 | Windows and macOS | 1 | Release Notes |
Acrobat 2020 | Classic 2020 | 2020.001.30020 | Windows and macOS | 1 | Release Notes |
Acrobat Reader 2020 | Classic 2020 | 2020.001.30020 | Windows and macOS | 1 | Release Notes |
Acrobat 2017 | Classic 2017 | 2017.011.30190 | Windows and macOS | 1 | Release Notes |
Acrobat Reader 2017 | Classic 2017 | 2017.011.30190 | Windows and macOS | 1 | Release Notes |
Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
---|---|---|---|
Buffer overflow | Application denial-of-service | Important | CVE-2021-21046 |
Heap-based Buffer Overflow | Arbitrary code execution | Critical | CVE-2021-21017 |
Path Traversal | Arbitrary code execution | Critical | CVE-2021-21037 |
Integer Overflow | Arbitrary code execution | Critical | CVE-2021-21036 |
Improper Access Control | Privilege escalation | Critical | CVE-2021-21045 |
Out-of-bounds Read | Privilege escalation | Important | CVE-2021-21042 CVE-2021-21034 |
Use-after-free | Information Disclosure | Important | CVE-2021-21061 |
Out-of-bounds Write | Arbitrary code execution | Critical | CVE-2021-21044 CVE-2021-21038 |
Buffer overflow | Arbitrary code execution | Critical | CVE-2021-21058 CVE-2021-21059 CVE-2021-21062 CVE-2021-21063 |
NULL Pointer Dereference | Information Disclosure | Important | CVE-2021-21057 |
Improper Input Validation | Information Disclosure | Important | CVE-2021-21060 |
Use After Free | Arbitrary code execution | Critical | CVE-2021-21041 CVE-2021-21040 Adobe compatible with mac. CVE-2021-21039 CVE-2021-21035 CVE-2021-21033 CVE-2021-21028 CVE-2021-21021 |
Adobe would like to thank the following for reporting the relevant issues and for working with Adobe to help protect our customers.
- Anonymously reported (CVE-2021-21017)
- Nipun Gupta, Ashfaq Ansari, and Krishnakant Patil - CloudFuzz (CVE-2021-21041)
- Mark Vincent Yason (@MarkYason) working with Trend Micro Zero Day Initiative (CVE-2021-21042, CVE-2021-21034)
- Fenghan_zuijinyoukongma_woxiangyueniyiqichifankandianying working with Trend Micro Zero Day Initiative (CVE-2021-21035, CVE-2021-21033, CVE-2021-21028, CVE-2021-21021)
- AIOFuzzer working with Trend Micro Zero Day Initiative (CVE-2021-21044, CVE-2021-21061)
- 360CDSRC in Tianfu Cup 2020 International Cybersecurity Contest (CVE-2021-21037)
- Will Dormann of CERT/CC (CVE-2021-21045)
- Xuwei Liu (shellway) (CVE-2021-21046)
- 胖 in Tianfu Cup 2020 International Cybersecurity Contest (CVE-2021-21040)
- 360政企安全漏洞研究院 in Tianfu Cup 2020 International Cybersecurity Contest (CVE-2021-21039)
- 蚂蚁安全光年实验室基础研究小组 in Tianfu Cup 2020 International Cybersecurity Contest (CVE-2021-21038)
- CodeMaster in Tianfu Cup 2020 International Cybersecurity Contest (CVE-2021-21036)
- Xinyu Wan (wxyxsx) (CVE-2021-21057)
- Haboob Labs (CVE-2021-21060)
- Ken Hsu of Palo Alto Networks (CVE-2021-21058)
- Ken Hsu of Palo Alto Networks, Heige (a.k.a. SuperHei) of Knwonsec 404 Team (CVE-2021-21059)
- Ken Hsu, Bo Qu of Palo Alto Networks (CVE-2021-21062)
- Ken Hsu, Zhibin Zhang of Palo Alto Networks (CVE-2021-21063)
February 10, 2021: Updated acknowledgements for CVE-2021-21058, CVE-2021-21059, CVE-2021-21062, CVE-2021-21063.
Adobe Reader Suite
Security update available for Adobe Reader Mobile | APSB20-50
Bulletin ID | Date Published | Priority |
ASPB20-50 | July 21, 2020 | 2 |
Adobe Reader Suomi
Adobe has released security updates for Adobe Reader Mobile for Android. These updates address an important vulnerability. Successful exploitation could lead to information disclosure in the context of the current user.
Product | Version | Platform |
---|---|---|
Adobe Reader Mobile | 20.0.1 and earlier versions | All Android versions |
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
Product | Version | Platform | Priority Rating | Availability |
Adobe Reader Mobile | 20.3 | All Android versions | 3 | Download link |
Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
Directory Traversal | Information disclosure | Important | CVE-2020-9663 |
Adobe would like to thank the fatal0 for reporting this issue and for working with Adobe to help protect our customers