CVE-2021-28550: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

CVE-2021-28550 is a Use After Free vulnerability affecting Adobe Acrobat Reader DC. The vulnerability was discovered in early 2021 and affects multiple versions including 2021.001.20150 (and earlier), 2020.001.30020 (and earlier), and 2017.011.30194 (and earlier). This security flaw impacts both Windows and macOS versions of Adobe Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017, and Acrobat Reader 2017 (NVD).

The vulnerability is classified as a Use After Free (CWE-416) issue that could allow arbitrary code execution in the context of the current user. It received a CVSS v3.1 base score of 8.8 (HIGH) from NIST and 9.6 (CRITICAL) from Adobe Systems Incorporated. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and no privileges required for exploitation (NVD).

If successfully exploited, this vulnerability allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. The attacker could potentially execute any command on the target system, though exploitation requires user interaction as the victim must open a malicious file (Hacker News).

Adobe has released patches to address this vulnerability through their May 2021 Patch Tuesday updates. Users are strongly advised to update their software installations to the latest versions to mitigate the risk associated with this flaw (Hacker News).