Quote:Adobe is warning of a critical vulnerability that has been exploited in the wild to target Adobe Reader users on Windows.
 
The vulnerability (CVE-2021-21017) has been exploited in “limited attacks,” according to Adobe’s Tuesday advisory, part of its regularly scheduled February updates. The flaw in question is a critical-severity heap-based buffer overflow flaw.
 
This type of buffer-overflow error occurs when the region of a process’ memory used to store dynamic variables (the heap) can be overwhelmed. If a buffer-overflow occurs, it typically causes the affected program to behave incorrectly. With this flaw in particular, it can be exploited to execute arbitrary code on affected systems.

“Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS,” said Adobe on Tuesday. “These updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.”