Η Adobe a security update has been released to fix a vulnerability affecting Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017 and Acrobat Reader 2017, so in Windows as well as in Mac.
The company said in a security bulletin that it has received reports of a new vulnerability it has utilize attacks (albeit limited) targeting Adobe Reader users on Windows.
Vulnerability has been named CVE-2021-28550, and according to Adobe, its successful exploitation could lead to arbitrary code execution.
Cybersecurity experts such as Shawn smith by nVisium, reported that arbitrary code execution is a serious threat that can cause several problems.
Ο Sean Nickel, a senior digital threat analyst at Digital Shadows, said that use of malicious PDF files has been a key method of attacking various state hacking groups and other criminals for years. Criminals are taking advantage of the massive use of Adobe products in both the private and public sectors.
See also: Adobe Audition is optimized for M1 Macs
Nikkel also said that the attackers are used to sending phishing emails with PDF attachments to entice users to download and open files. Usually, hackers try to persuade victims to open the document, saying that it is something very important, such as a financial document, a news article, etc.
"In some cases, an would-be intruder could create a malicious website that also hosts infected PDF files.", Said Nikkel.
Nikkel said there has been a huge increase in attacks on infected documents and the increase is thought to be largely due to remote work.