Adobe just released a security bulletin addressing a zero-day vulnerability, CVE-2021-28550, affecting Adobe Acrobat Reader in both Windows and macOS systems. The affected products include Adobe Acrobat DC, Adobe Acrobat Reader DC, Adobe Acrobat 2020, Adobe Acrobat Reader 2020, Adobe Acrobat 2017, and Adobe Acrobat Reader 2017. The attack exploiting this vulnerability is generally through a malicious PDF attachment to a phishing email. If you receive an unexpected email from an unknown sender with a PDF attachment, verify it is legitimate before opening the attachment!
If you are using an Adobe product, update it as soon as possible. Adobe recommends users update their software to the latest versions.
The latest product versions are available to end users via one of the following methods:
- Users can update their software manually by choosing Help > Check for Updates.
- If the auto-update feature is enabled, products will update automatically, without requiring user intervention, when updates are detected.
- The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.
Review Adobe’s latest security updates.