Among the security updates released by Adobe on Tuesday are those for various versions of Adobe Acrobat and Reader, which fix two critical flaws that could lead to arbitrary code execution: CVE-2024-45112 and CVE-2024-41869.
Nothing in the advisory points to a need for users to implement the updates quickly, but the fix for CVE-2024-41869 is actually an additional, more complete fix for CVE-2024-39383, which was supposedly addressed with a security update released in August 2024.
The kicker is that a PoC exploit for CVE-2024-39383 has been detected by EXPMON, a publicly available sandbox-based system for detecting advanced file-based exploits. After a huge public PDF sample set was tested with it, EXPMON detected a crash while analyzing a specific file and reported it as a potential zero-day attack.
What to do?
Both CVE-2024-39383 and CVE-2024-41869 have been reported to Adobe by Haifei Li, who works at Check Point Research and is one of the creators of EXPMON.
The PoC exploit in question is not a full working exploit and the file did not carry a malicious payload, raising the (still unanswered) question of whether it’s an unfinished 0-day exploit leaked by mistake or whether the PDF file was simply crafted for “good-purpose PDF app testing”.
So, in essence, it’s unknown whether the exploit is being used in the wild (after having been duly polished).
But, since EXPMON developers plan to share the PDF sample in question and a blog post about the exploit soon, “users are highly encouraged to apply the new update as soon as possible.”