JPCERT-AT-2021-0026 JPCERT/CC 2021-06-09(Initial) 2021-06-11(Update) <<< JPCERT/CC Alert 2021-06-09 >>> Alert Regarding Vulnerabilities in Adobe Acrobat and Reader (APSB21-37) https://www.jpcert.or.jp/english/at/2021/at210026.html I. Overview Vulnerabilities exist in Adobe Acrobat, a PDF file creation and conversion software, and Adobe Acrobat Reader, a PDF file viewing software. As a result, an attacker may execute arbitrary code by convincing a user to open contents leveraging the vulnerabilities. For more information, please refer to the Adobe's website. Adobe Incorporated Security update available for Adobe Acrobat and Reader | APSB21-37 https://helpx.adobe.com/security/products/acrobat/apsb21-37.html II. Affected Products Affected products and versions are as follows: - Adobe Acrobat DC Continuous (2021.001.20155) and earlier (Windows, macOS) - Adobe Acrobat Reader DC Continuous (2021.001.20155) and earlier (Windows, macOS) - Adobe Acrobat 2020 Classic 2020 (2020.001.30025) and earlier (Windows, macOS) - Adobe Acrobat Reader 2020 Classic 2020 (2020.001.30025) and earlier (Windows, macOS) - Adobe Acrobat 2017 Classic 2017 (2017.011.30196) and earlier (Windows, macOS) - Adobe Acrobat Reader 2017 Classic 2017 (2017.011.30196) and earlier (Windows, macOS) III. Solution Please update Adobe products to the latest versions listed below. - Adobe Acrobat DC Continuous (2021.005.20048) (Windows, macOS) - Adobe Acrobat Reader DC Continuous (2021.005.20048) (Windows, macOS) - Adobe Acrobat 2020 Classic 2020 (2020.004.30005) (Windows, macOS) - Adobe Acrobat Reader 2020 Classic 2020 (2020.004.30005) (Windows, macOS) - Adobe Acrobat 2017 Classic 2017 (2017.011.30197) (Windows, macOS) - Adobe Acrobat Reader 2017 Classic 2017 (2017.011.30197) (Windows, macOS) ** Update: June 11, 2021 Update ************************************* Adobe advisory updated the fixed versions for Adobe Acrobat DC Continuous and Adobe Acrobat Reader DC Continuous. JPCERT/CC updated the versions information accordingly. ********************************************************************** Acrobat will be updated by starting the product, selecting the menu "Help", and then clicking "Check for Updates". If an update from the menu is not available, please download the latest Adobe Acrobat and Reader from the following URLs. For more information, please refer to the Adobe's website. Adobe Incorporated Download Adobe Acrobat Reader DC (Japanese) https://get2.adobe.com/jp/reader/ Adobe Incorporated Download Acrobat 2020 https://helpx.adobe.com/download-install/kb/acrobat-2020-downloads.html Adobe Incorporated Download Acrobat 2017 https://helpx.adobe.com/download-install/kb/acrobat-2017-downloads.html IV. References Adobe Incorporated Security update available for Adobe Acrobat and Reader | APSB21-37 https://helpx.adobe.com/security/products/acrobat/apsb21-37.html Adobe Incorporated Latest Product Security Updates https://helpx.adobe.com/security.html If you have any information regarding this alert, please contact JPCERT/CC. ________ Revision History 2021-06-09 First edition 2021-06-11 Updated "III. Solution" ====================================================================== JPCERT Coordination Center (Early Warning Group) MAIL: ew-info@jpcert.or.jp https://www.jpcert.or.jp/english/