Critical Zero-day Vulnerability Affecting Adobe Acrobat and Reader

Published on 13 Sep 2023

Adobe has released security updates addressing a zero-day vulnerability (CVE-2023-26369) affecting their Acrobat and Reader products. The vulnerability is reportedly being actively exploited.

Successful exploitation of the out-of-bounds write vulnerability would allow an attacker to perform arbitrary code execution.

The vulnerability affects the following versions for all MacOS and Windows platforms:

  • Acrobat DC Continuous 23.003.20284 and earlier versions
  • Acrobat Reader DC Continuous 23.003.20284 and earlier versions
  • Acrobat 2020 Classic 2020 20.005.30516 (Mac), 20.005.30514 (Win), and earlier versions
  • Acrobat Reader 2020 Classic 2020 20.005.30516 (Mac), 20.005.30514 (Win), and earlier versions

Users and administrators of affected products are advised to update their software to the latest versions immediately.

More information is available at:

https://helpx.adobe.com/security/products/acrobat/apsb23-34.html

https://www.bleepingcomputer.com/news/security/adobe-warns-of-critical-acrobat-and-reader-zero-day-exploited-in-attacks/

Tags
Alerts Alerts & Advisories
Share