Zscaler Security Advisories

Security Advisory - October 12, 2021

Zscaler protects against 3 new vulnerabilities for Adobe Acrobat and Reader

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for the following 3 vulnerabilities included in the October 2021 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the October release and deploy additional protections, as necessary.

APSB21-104 – Security updates available for Adobe Acrobat and Reader.

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Affected Software

  • Acrobat DC Continuous 2021.007.20095 and earlier versions for Windows
  • Acrobat Reader DC Continuous 2021.007.20095 and earlier versions for Windows
  • Acrobat DC Continuous 2021.007.20096 and earlier versions for macOS
  • Acrobat Reader DC Continuous 2021.007.20096 and earlier versions for macOS
  • Acrobat 2020 Classic 2020 2020.004.30015 and earlier versions for Windows & macOS
  • Acrobat Reader 2020 Classic 2020 2020.004.30015 and earlier versions for Windows & macOS
  • Acrobat 2017 Classic 2017 17.011.30202 and earlier versions for Windows & macOS
  • Acrobat Reader 2017 Classic 2017 17.011.30202 and earlier versions for Windows & macOS

CVE-2021-40729 – Out-of-bounds Read vulnerability leading to Privilege escalation.

Severity: Moderate

CVE-2021-40730 – Use After Free vulnerability leading to Privilege escalation.

Severity: Moderate

CVE-2021-40731 – Out-of-bounds Write leading to Arbitrary code execution.

Severity: Critical