Adobe had released security updates providing fixes for 33 critical vulnerabilities in Adobe Magento, Adobe Acrobat, Reader, Photoshop, Animate, Illustrator, and Dreamweaver. A total of 50 security vulnerabilities are patched in this release. The patched vulnerabilities are arbitrary code execution, access control bypass, cross-site scripting, cross-site request forgery, injection, security bypass, etc… These flaws affect Windows and macOS.
In this release, Adobe has fixed the wildly exploited heap-based buffer overflow issue (CVE-2021-21017) in Adobe Reader, which could allow remote code execution on the vulnerable system.
Adobe fixed 23 vulnerabilities in Adobe Reader, 17 of them are rated as critical, and 18 vulnerabilities in Magento, 7 of them are rated as critical. Adobe also addressed 5 critical vulnerabilities in Photoshop, a critical arbitrary code execution vulnerability in Animate, 2 critical arbitrary code execution vulnerabilities in Illustrator, and an information disclosure vulnerability in Dreamweaver, rated as important.
Adobe Security Bulletin Summary for February 2021:
Product: Adobe Acrobat and Reader
CVE’s/Advisory: APSB21-09, CVE-2021-21017, CVE-2021-21021, CVE-2021-21028, CVE-2021-21033, CVE-2021-21034, CVE-2021-21035, CVE-2021-21036, CVE-2021-21037, CVE-2021-21038, CVE-2021-21039, CVE-2021-21040, CVE-2021-21041, CVE-2021-21042, CVE-2021-21044, CVE-2021-21045, CVE-2021-21046, CVE-2021-21057, CVE-2021-21058, CVE-2021-21059, CVE-2021-21060, CVE-2021-21061, CVE-2021-21062, CVE-2021-21063
Severity: Critical
Impact: Application denial-of-service, Arbitrary code execution, Privilege escalation, Information Disclosure
Product: Magento Commerce and Magento Open Source
CVE’s/Advisory: APSB21-08, CVE-2021-21012, CVE-2021-21013, CVE-2021-21014, CVE-2021-21015, CVE-2021-21016, CVE-2021-21018, CVE-2021-21019, CVE-2021-21020, CVE-2021-21022, CVE-2021-21023, CVE-2021-21024, CVE-2021-21025, CVE-2021-21026, CVE-2021-21027, CVE-2021-21029, CVE-2021-21030, CVE-2021-21031, CVE-2021-21032
Severity: Critical
Impact: Unauthorized access to restricted resources, Arbitrary code execution, Arbitrary JavaScript execution in the browser, Unauthorized modification of customer metadata
Product: Adobe Photoshop
CVE’s/Advisory: APSB21-10, CVE-2021-21047, CVE-2021-21048, CVE-2021-21049, CVE-2021-21050, CVE-2021-21051
Severity: Critical
Impact: Arbitrary code execution
Product: Adobe Animate
CVE’s/Advisory: APSB21-11, CVE-2021-21052
Severity: Critical
Impact: Arbitrary code execution
Product: Adobe Illustrator
CVE’s/Advisory: APSB21-12, CVE-2021-21053, CVE-2021-21054
Severity: Critical
Impact: Arbitrary code execution
Product: Adobe Dreamweaver
CVE’s/Advisory: APSB21-13, CVE-2021-21055
Severity: Important
Impact: Information disclosure
SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Download SanerNow and keep your systems updated and secure.