Security researchers have analyzed a limited number of attacks in past few days where attackers have exploited a critical vulnerability in Adobe Reader. Adobe has also warned about this critical vulnerability that has been exploited in the wild to target Adobe Reader users on Windows.
According to Adobe’s advisory, the vulnerability CVE-2021-21017 is a critical-severity heap-based buffer overflow flaw. This type of flaw occurs when the region of a process’ memory used to store dynamic variables (the heap) can be overwhelmed. If a buffer-overflow occurs, it typically causes the affected program to behave incorrectly. With this flaw in particular, it can be exploited to execute arbitrary code on affected systems.
Adobe informed that the company has released security updates for Adobe Acrobat and Reader for Windows and macOS. These security updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.