He called Adobe the 'Microsoft of a lot of office productivity software' and added that attackers historically have used phishing emails with PDF attachments to entice users to download and open files, generally under the pretense of it being a critical document for review, such as a financial document, news article, or a shipping label. Sean Nikkel, senior cyber threat intel analyst at Digital Shadows, said the use of malicious PDF files has been a staple of various nation-state actors, as well as criminal actors, for years because of the ubiquity of Adobe products in use for the private and public sectors.
The flaw, labeled CVE-2021-28550, could lead to arbitrary code execution if successfully exploited.Ĭybersecurity experts, like nVisium director of infrastructure Shawn Smith, said code execution is a serious threat that can potentially cost hundreds of labor hours to manually verify every instance of some software has been updated. In a security bulletin, the company acknowledged that it has received reports of the vulnerability being 'exploited in the wild in limited attacks targeting Adobe Reader users on Windows.'
