JPCERT-AT-2021-0023
                                                             JPCERT/CC
                                                            2021-05-12

                  <<< JPCERT/CC Alert 2021-05-12 >>>

Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB21-29)

       https://www.jpcert.or.jp/english/at/2021/at210023.html


I. Overview
Vulnerabilities exist in Adobe Acrobat, a PDF file creation and
conversion software, and Adobe Acrobat Reader, a PDF file viewing
software. As a result, an attacker may execute arbitrary code by
convincing a user to open contents leveraging the vulnerabilities.
For more information, please refer to the Adobe's website.

    Adobe Incorporated
    Security update available for Adobe Acrobat and Reader | APSB21-29
    https://helpx.adobe.com/security/products/acrobat/apsb21-29.html

According to Adobe, among these vulnerabilities, a Use After Free
vulnerability (CVE-2021-28550) has been exploited in attacks targeting
Adobe Reader users on Windows.


II. Affected Products
Affected products and versions are as follows:

  - Adobe Acrobat DC Continuous (2021.001.20150) and earlier (Windows)
  - Adobe Acrobat Reader DC Continuous (2021.001.20150) and earlier (Windows)
  - Adobe Acrobat DC Continuous (2021.001.20149) and earlier (macOS)
  - Adobe Acrobat Reader DC Continuous (2021.001.20149) and earlier (macOS)
  - Adobe Acrobat 2020 Classic 2020 (2020.001.30020) and earlier (Windows, macOS)
  - Adobe Acrobat Reader 2020 Classic 2020 (2020.001.30020) and earlier (Windows, macOS)
  - Adobe Acrobat 2017 Classic 2017 (2017.011.30194) and earlier (Windows, macOS)
  - Adobe Acrobat Reader 2017 Classic 2017 (2017.011.30194) and earlier (Windows, macOS)


III. Solution
Please update Adobe products to the latest versions listed below. 

  - Adobe Acrobat DC Continuous (2021.001.20155) (Windows, macOS)
  - Adobe Acrobat Reader DC Continuous (2021.001.20155) (Windows, macOS)
  - Adobe Acrobat 2020 Classic 2020 (2020.001.30025) (Windows, macOS)
  - Adobe Acrobat Reader 2020 Classic 2020 (2020.001.30025) (Windows, macOS)
  - Adobe Acrobat 2017 Classic 2017 (2017.011.30196) (Windows, macOS)
  - Adobe Acrobat Reader 2017 Classic 2017 (2017.011.30196) (Windows, macOS)

Acrobat will be updated by starting the product, selecting the menu
"Help", and then clicking "Check for Updates". If an update
from the menu is not available, please download the latest Adobe
Acrobat and Reader from the following URLs. For more information,
please refer to the Adobe's website.

    Adobe Incorporated
    Download Adobe Acrobat Reader DC (Japanese)
    https://get2.adobe.com/jp/reader/

    Adobe Incorporated
    Download Acrobat 2020
    https://helpx.adobe.com/download-install/kb/acrobat-2020-downloads.html

    Adobe Incorporated
    Download Acrobat 2017
    https://helpx.adobe.com/download-install/kb/acrobat-2017-downloads.html


IV. References
    Adobe Incorporated
    Security update available for Adobe Acrobat and Reader | APSB21-29
    https://helpx.adobe.com/security/products/acrobat/apsb21-29.html

    Adobe Incorporated
    Latest Product Security Updates
    https://helpx.adobe.com/security.html


If you have any information regarding this alert, please contact
JPCERT/CC.

======================================================================
JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/