Security Updates in Multiple Products of Adobe

THREAT LEVEL: Amber.

For a detailed advisory, download the pdf file here.

Multiple vulnerabilities have been discovered in Adobe Products:
- 16 critical vulnerabilities have been fixed in Adobe Acrobat and Reader which are listed below:
- Code execution: CVE-2021-44701, CVE-2021-44704, CVE-2021-44705, CVE-2021-44706, CVE-2021-44707, CVE-2021-44710, CVE-2021-44711, CVE-2021-45061, CVE-2021-45062, CVE-2021-45064, CVE-2021-45068.
- Buffer overflow: CVE-2021-44703, CVE-2021-44708, CVE-2021-44709
- Information disclosure: CVE-2021-45060
- Security bypass: CVE-2021-44702
All the above vulnerabilities have been patched in following versions:
- Acrobat DC and Acrobat Reader DC versions 21.007.20099 and earlier; has been updated in version 21.011.20039.
- Acrobat 2020 and Acrobat Reader 2020 versions 20.004.30017 and earlier; has been updated in version 20.004.30020.
- Acrobat 2017 and Acrobat Reader 2017 versions 17.011.30204 and earlier; has been updated in version 17.011.30207.
Adobe Bridge has a critical local code execution vulnerability (CVE-2021-44743) which has been patched in following versions:
- • Adobe Bridge prior to version 12.0 has been fixed in 12.0.1 and
- • Adobe Bridge prior to version 11.1.2 and earlier has been fixed in 11.1.3
Adobe InCopy has 3 critical local code execution vulnerabilities (CVE-2021-45053, CVE-2021-45055, CVE-2021-45056). All of them affect versions 16.4 and earlier and have been fixed in version 16.4.1
Adobe InDesign has 2 critical local code execution vulnerabilities (CVE-2021-45057, CVE-2021-45058). Both affect versions 16.4 and earlier and have been fixed in version 16.4.1

Patch links of all these vulnerabilities are given in links below. Hive Pro threat researchers suggest organizations to patch these vulnerabilities as soon as possible.