Adobe Fixes Critical Zero-Day Flaw Actively Exploited in the Wild

Adobe Fixes Critical Zero-Day Flaw Actively Exploited in the Wild – Security Updates February 2021

Post author:Kumarswamy S
Post published:February 11, 2021
Post category:Endpoint Security and Management / Patch Management / Security Research and Intelligence / Vulnerability Management
Post comments:0 Comments

Adobe had released security updates providing fixes for 33 critical vulnerabilities in Adobe Magento, Adobe Acrobat, Reader, Photoshop, Animate, Illustrator, and Dreamweaver. A total of 50 security vulnerabilities are patched in this release. The patched vulnerabilities are arbitrary code execution, access control bypass, cross-site scripting, cross-site request forgery, injection, security bypass, etc… These flaws affect Windows and macOS.

In this release, Adobe has fixed the wildly exploited heap-based buffer overflow issue (CVE-2021-21017) in Adobe Reader, which could allow remote code execution on the vulnerable system.

Adobe fixed 23 vulnerabilities in Adobe Reader, 17 of them are rated as critical, and 18 vulnerabilities in Magento, 7 of them are rated as critical. Adobe also addressed 5 critical vulnerabilities in Photoshop, a critical arbitrary code execution vulnerability in Animate, 2 critical arbitrary code execution vulnerabilities in Illustrator, and an information disclosure vulnerability in Dreamweaver, rated as important.

Adobe Security Bulletin Summary for February 2021:

Product: Adobe Acrobat and Reader
CVE’s/Advisory: APSB21-09, CVE-2021-21017, CVE-2021-21021, CVE-2021-21028, CVE-2021-21033, CVE-2021-21034, CVE-2021-21035, CVE-2021-21036, CVE-2021-21037, CVE-2021-21038, CVE-2021-21039, CVE-2021-21040, CVE-2021-21041, CVE-2021-21042, CVE-2021-21044, CVE-2021-21045, CVE-2021-21046, CVE-2021-21057, CVE-2021-21058, CVE-2021-21059, CVE-2021-21060, CVE-2021-21061, CVE-2021-21062, CVE-2021-21063
Severity: Critical
Impact: Application denial-of-service, Arbitrary code execution, Privilege escalation, Information Disclosure

Product: Magento Commerce and Magento Open Source
CVE’s/Advisory: APSB21-08, CVE-2021-21012, CVE-2021-21013, CVE-2021-21014, CVE-2021-21015, CVE-2021-21016, CVE-2021-21018, CVE-2021-21019, CVE-2021-21020, CVE-2021-21022, CVE-2021-21023, CVE-2021-21024, CVE-2021-21025, CVE-2021-21026, CVE-2021-21027, CVE-2021-21029, CVE-2021-21030, CVE-2021-21031, CVE-2021-21032
Severity: Critical
Impact: Unauthorized access to restricted resources, Arbitrary code execution, Arbitrary JavaScript execution in the browser, Unauthorized modification of customer metadata

Product: Adobe Photoshop
CVE’s/Advisory: APSB21-10, CVE-2021-21047, CVE-2021-21048, CVE-2021-21049, CVE-2021-21050, CVE-2021-21051
Severity: Critical
Impact: Arbitrary code execution

Product: Adobe Animate
CVE’s/Advisory: APSB21-11, CVE-2021-21052
Severity: Critical
Impact: Arbitrary code execution

Product: Adobe Illustrator
CVE’s/Advisory: APSB21-12, CVE-2021-21053, CVE-2021-21054
Severity: Critical
Impact: Arbitrary code execution

Product: Adobe Dreamweaver
CVE’s/Advisory: APSB21-13, CVE-2021-21055
Severity: Important
Impact: Information disclosure

SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Download SanerNow and keep your systems updated and secure.

Tags: 0-Day, Adobe, Adobe Acrobat and Reader, Adobe Critical Patch, Adobe security updates, Arbitrary Code Execution, information-disclosure, Security Feature Bypass

0 0 votes

Article Rating

0 Comments

Inline Feedbacks

View all comments

Adobe Security Bulletin Summary for February 2021:

Subscribe For More Posts Like This

You Might Also Like

Check Out What’s New in SecPod SanerNow 4.4.0.0 | Release Notes

Information and Communications Technologies (ICT) Strategic Partnership, An Overview

WordPress File Manager Plugin Under Active Exploitation