The software manufacturer Adobe has closed several dangerous security holes in Acrobat and Reader, Bridge, Illustrator, InCopy and InDesign. In the worst case, attackers could execute their own code on systems and thus gain full control under certain circumstances.
Most of the gaps affect the PDF applications Acrobat and Reader on macOS and Windows. In ways that are not described in detail, attackers could paralyze systems via DoS attacks or even execute malicious code. The following versions are equipped against such attacks:
- Acrobat DC Continous 21.011.20039
- Acrobat Reader DC Continous 21.011.20039
- Acrobat 2020 Classic 2020 20.004.30020
- Acrobat Reader 2020 Classic 2020 20.004.30020
- Acrobat 2017 Classic 2017 17.011.30207
- Acrobat Reader 2017 Classic 2017 17.011.30207
A vulnerability (CVE-2021-45053 “high“) in Incopy could also leak malicious code on macOS and Windows computers. Here the output creates 16.4.1 Remedy. InDesign is in the version on macOS and Windows 16.4.1 secured against malicious code attacks. Adobe Bridge brings in the issues 11.1.3 and 12.0.1 Security patches with. for illustrator are the fixed versions 25.4.3 and 26.0.2 appeared.
More information about the vulnerabilities can be found on Adobe’s security website.
(of)