
Severe zero-day vulnerabilities in Adobe's Acrobat and Reader

Urgent updates to address serious zero-day vulnerabilities in Adobe's Acrobat and Reader

Adobe has released security updates to fix a zero-day vulnerability in Acrobat and Reader, along with other fixed vulnerabilities. The attacks exploit a flaw that allows the execution of unauthorized code. Users are encouraged to install updates to protect themselves.


Adobe has released security updates to fix a zero-day vulnerability in Acrobat and Reader that has been exploited in attacks. Although detailed information about the attacks has not yet been disclosed, this zero-day is known to affect both Windows and macOS systems.

“Adobe is aware that CVE-2023-26369 has seen limited exploitation in targeted attacks on Adobe Acrobat and Reader,” the company said in a security communication published today.

The serious security flaw, identified as CVE-2023-26369, allows attackers to execute code after exploiting an out-of-bounds write weakness. While threat actors can exploit it in low-complexity attacks without requiring privileges, the flaw can only be exploited by local attackers and also requires user interaction, according to its CVSS v3.1 assessment. CVE-2023-26369 has been classified by Adobe as high priority, and the company strongly advises administrators to install the update as soon as possible, preferably within 72 hours.

Affected products and versions

Below is the complete list of affected products and versions:

  • Acrobat DC: version 23.003.20284 and earlier
  • Acrobat Reader DC: version 23.003.20284 and earlier
  • Acrobat 2020: version 20.005.30516 (Mac) and earlier, version 20.005.30514 (Win) and earlier
  • Acrobat Reader 2020: version 20.005.30516 (Mac) and earlier, version 20.005.30514 (Win) and earlier
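
The following is an added example, not code from Adobe or from the original article: a triage check that compares software-inventory rows against the affected-version list above. The inventory rows and host names are constructed, and because the article does not state the fixed versions, anything above a listed version is reported only as "not listed as affected".

```python
# Added example: flag Acrobat/Reader installs at or below the affected
# versions listed above. Inventory rows are constructed sample data.

# Highest affected version per product and platform, taken from the list above.
AFFECTED_MAX = {
    "Acrobat DC": {"win": "23.003.20284", "mac": "23.003.20284"},
    "Acrobat Reader DC": {"win": "23.003.20284", "mac": "23.003.20284"},
    "Acrobat 2020": {"win": "20.005.30514", "mac": "20.005.30516"},
    "Acrobat Reader 2020": {"win": "20.005.30514", "mac": "20.005.30516"},
}


def parse_version(text):
    """Turn 'YY.NNN.NNNNN' into a tuple of ints so comparison is numeric."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def triage(product, platform, version):
    """Return 'affected', 'not-listed-as-affected', or 'unknown'."""
    limit = AFFECTED_MAX.get(product, {}).get(platform.lower())
    if limit is None:
        return "unknown"  # product/platform is not in the list above
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"  # do not guess on malformed inventory data
    return "affected" if installed <= parse_version(limit) else "not-listed-as-affected"


# Constructed inventory rows: (host, product, platform, version)
INVENTORY = [
    ("ws-001", "Acrobat Reader DC", "win", "23.003.20284"),
    ("ws-002", "Acrobat 2020", "win", "20.005.30516"),  # above the Win limit
    ("mac-01", "Acrobat 2020", "mac", "20.005.30516"),  # equals the Mac limit
    ("ws-003", "Acrobat DC", "win", "23.3.20284"),      # zero padding dropped
    ("ws-004", "Acrobat Reader DC", "win", "unknown"),  # unparseable version
]


def report(rows=INVENTORY):
    return {host: triage(prod, plat, ver) for host, prod, plat, ver in rows}


if __name__ == "__main__":
    for host, status in report().items():
        print(host, status)
```

Hosts reported as "unknown" need a manual check rather than being treated as safe.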

Other vulnerabilities fixed by Adobe

Today, Adobe patched additional security vulnerabilities that allowed attackers to execute arbitrary code on unpatched systems running Adobe Connect and Adobe Experience Manager. The bugs in Connect (CVE-2023-29305 and CVE-2023-29306) and Experience Manager (CVE-2023-38214 and CVE-2023-38215), which were fixed today, can all be exploited to launch reflected cross-site scripting (XSS) attacks. Such bugs can be exploited to access cookies, session tokens, or other sensitive information stored by victims' web browsers.

In July, Adobe released an emergency security update for ColdFusion to address a zero-day exploited in limited attacks (CVE-2023-38205). A few days later, CISA ordered federal agencies to secure the Adobe ColdFusion servers on their networks against the actively exploited bug by August 10.


09/12/2023 21:03

Editorial AI
