Adobe fixes 43 vulnerabilities with May updates

Adobe has published security updates for a several software products. The update for Acrobat Reader removes a vulnerability that is already being exploited for attacks.

The updates fix a total of 43 vulnerabilities in Acrobat and Reader, InDesign, Illustrator, InCopy, Adobe Genuine Service, Magento, Creative Cloud Desktop, Media Encoder, Medium, After Effects and Animate. More than half of these security vulnerabilities have been identified as critical.

The PDF tools updates for Acrobat and Acrobat Reader fix 14 vulnerabilities including ten makes as critical. They can be exploited with prepared PDF files by using arbitrary code and execute it with user rights. Adobe has a report that the CVE-2021-28550 vulnerability is already being used for limited attacks on Windows users of Acrobat Reader.

Adobe has closed three critical vulnerabilities in InDesign up to version 16.0. The weaknesses result from insufficient verification of the entered data.

There are five vulnerabilities in Illustrator 25.2 and older that Adobe has classified as critical. Malicious code can be injected and executed. There is also a vulnerability in After Effects up to and including 18.1, as well as in the Creative Cloud desktop application 5.3 and older.

The current Adobe Security Bulletins can be found here.