Adobe has released a security update to address a vulnerability labelled as CVE-2021-28550 affecting both Windows and Mac versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017 and Acrobat Reader 2017. The vulnerability being “exploited in the wild in limited attacks targeting Adobe Reader users on Windows.”

The code execution is a serious threat that can potentially cost hundreds of labor hours to manually verify every instance of some software has been updated used by nation state actors. Creating a malicious website and hosting weaponed pdf files are also possible

PDF documents, which frequently are opened either via browser or a reader such as Adobe Acrobat or Reader, can contain malicious Javascript or allow some other system interaction that allows code execution or other vectors of attack to occur, sometimes without the user knowing.