Adobe Fixes Critical Zero-Day Flaw Actively Exploited in the Wild – Security Updates February 2021

Adobe Security updates February 2021 released security updates providing fixes for 33 critical vulnerabilities in Adobe Magento, Adobe Acrobat, Reader,Photoshop, Animate, Illustrator, and Dreamweaver. A total of 50 security vulnerabilities are patched in this release. The patched vulnerabilities are arbitrary code execution, access control bypass, cross-site scripting, cross-site request forgery, injection and then security bypass, etc… These flaws affect Windows and macOS and a vulnerability management solution is essential here.

Additionally, in this release, Adobe has fixed the wildly exploited heap-based buffer overflow issue (CVE-2021-21017) in Adobe Reader, which could allow remote code execution on the vulnerable system. However, a patch management tool can patch these vulnerabilities.

Adobe fixed 23 vulnerabilities in Adobe Reader, 17 of them are rated as critical, and 18 vulnerabilities in Magento, 7 of them are rated as critical. However, it also addressed 5 critical vulnerabilities in Photoshop, a critical arbitrary code execution vulnerability in Animate, 2 critical arbitrary code execution vulnerabilities in Illustrator, and an information disclosure vulnerability in Dreamweaver, rated as important.

Product: Adobe Acrobat and ReaderCVE’s/Advisory: APSB21-09, CVE-2021-21017, CVE-2021-21021, CVE-2021-21028, CVE-2021-21033, CVE-2021-21034, CVE-2021-21035, CVE-2021-21036, CVE-2021-21037, CVE-2021-21038, CVE-2021-21039, CVE-2021-21040, CVE-2021-21041, CVE-2021-21042, CVE-2021-21044, CVE-2021-21045, CVE-2021-21046, CVE-2021-21057, CVE-2021-21058, CVE-2021-21059, CVE-2021-21060, CVE-2021-21061, CVE-2021-21062 and then CVE-2021-21063Severity: CriticalImpact: Application denial-of-service, Arbitrary code execution, Privilege escalation, Information Disclosure

1. Product: Magento Commerce and Magento Open SourceCVE’s/Advisory: APSB21-08, CVE-2021-21012, CVE-2021-21013, CVE-2021-21014, CVE-2021-21015, CVE-2021-21016, CVE-2021-21018, CVE-2021-21019, CVE-2021-21020, CVE-2021-21022, CVE-2021-21023, CVE-2021-21024, CVE-2021-21025, CVE-2021-21026, CVE-2021-21027, CVE-2021-21029, CVE-2021-21030, CVE-2021-21031 and then CVE-2021-21032Severity: CriticalImpact: Unauthorized access to restricted resources, Arbitrary code execution, Arbitrary JavaScript execution in the browser and then Unauthorized modification of customer metadata

2. Product: Adobe PhotoshopCVE’s/Advisory: APSB21-10, CVE-2021-21047, CVE-2021-21048, CVE-2021-21049, CVE-2021-21050, CVE-2021-21051Severity: CriticalImpact: Arbitrary code execution

3. Product: Adobe AnimateCVE’s/Advisory: APSB21-11, CVE-2021-21052Severity: CriticalImpact: Arbitrary code execution

4. Product: Adobe IllustratorCVE’s/Advisory: APSB21-12, CVE-2021-21053 and then CVE-2021-21054Severity: CriticalImpact: Arbitrary code execution

5. Product: Adobe DreamweaverCVE’s/Advisory: APSB21-13, CVE-2021-21055Severity: ImportantImpact: Information disclosure

Also, SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Download SanerNow and keep your systems updated and secure.