Adobe PDF Creator Zero-day Vulnerability Exploited in the Wild


Adobe has published a security update for Adobe Acrobat PDF and Reader for Windows and macOS as part of its regular Patch Tuesday updates.

This patch fixes a ‘Critical’ vulnerability, which might allow an attacker to run malicious code on unprotected PCs.

“Adobe is aware that CVE-2023-26369 has been exploited in the wild in limited attacks targeting Adobe Acrobat and Reader”, Adobe said in its security advisory. Successful exploitation could lead to arbitrary code execution.

Vulnerability Details

The vulnerability, identified as CVE-2023-26369, has a severity rating of 7.8 on the CVSS scoring system and is an out-of-bounds write vulnerability.

Successfully exploiting the flaw might lead to arbitrary code execution when a specifically created PDF document is opened in the current user’s context.

This issue affects installations on both Windows and macOS. Adobe did not provide additional information on the problem or the relevant targeting.



Document

FREE Demo

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware


Affected Versions

Adobe PDF Creator Zero-day

Adobe assigned CVE-2023-26369 the highest priority rating and highly advised administrators to apply the patch as soon as possible.

Notably, Adobe has also addressed two cross-site scripting vulnerabilities that might result in arbitrary code execution in Adobe Connect, tracked as (CVE-2023-29305 and CVE-2023-29306) and Adobe Experience Manager, tracked as (CVE-2023-38214 and CVE-2023-38215).

So far this year, there have been 64 recorded zero-day attacks targeting a variety of software products, according to data collected.

Keep informed about the latest Cyber Security News by following us on Google News, Linkedin, Twitter, and Facebook.





Source link