Adobe has released a security update for its Acrobat and Reader products that fixes a critical vulnerability that is being actively exploited by attackers. The flaw could allow malicious code execution on vulnerable systems if a specially crafted PDF document is opened.
Zero-Day Exploit Targeting Windows Users
The vulnerability, tracked as CVE-2023-26369, is rated 7.8 for severity on the CVSS scoring system and impacts both Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, and Acrobat Reader 2020. According to Adobe, the flaw is an out-of-bounds write issue that could lead to code execution by opening a malicious PDF file.
Adobe has received a report that CVE-2023-26369 has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows. The company did not provide any additional details about the nature or origin of the attacks, but urged users to update their software installations to the latest versions as soon as possible.
How to Update Adobe Acrobat and Reader
The latest product versions are available to end users via one of the following methods:
- Users can update their product installations manually by choosing Help > Check for Updates.
- The products will update automatically, without requiring user intervention, when updates are detected.
- The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
Product | Track | Updated Versions | Platform | Priority Rating |
---|---|---|---|---|
Acrobat DC | Continuous | 23.006.20320 | Windows and macOS | 1 |
Acrobat Reader DC | Continuous | 23.006.20320 | Windows and macOS | 1 |
Acrobat 2020 | Classic 2020 | 20.005.30524 | Windows and macOS | 1 |
Acrobat Reader 2020 | Classic 2020 | 20.005.30524 | Windows and macOS | 1 |
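
To check a fleet against the fixed builds in the table, the following added example (not Adobe's code) classifies each install by update track and version. It assumes an inventory export that records the track for each host; the hostnames and installed versions in the sample are constructed.

```python
import re

# Fixed builds copied from the table above, keyed by update track.
FIXED_BUILDS = {
    "Continuous": (23, 6, 20320),
    "Classic 2020": (20, 5, 30524),
}

# The versions in the table are three dot-separated, zero-padded numeric fields.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Turn '23.006.20320' into (23, 6, 20320) so fields compare numerically."""
    match = _VERSION_RE.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(field) for field in match.groups())


def status(track, version):
    """Classify one install as 'patched', 'outdated' or 'unknown'."""
    fixed = FIXED_BUILDS.get(track)
    if fixed is None:
        return "unknown"  # track not covered by the table: review by hand
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"  # never report an unreadable version as patched
    return "patched" if installed >= fixed else "outdated"


def triage(inventory):
    """Group hostnames by status; inventory rows are (host, track, version)."""
    groups = {"patched": [], "outdated": [], "unknown": []}
    for host, track, version in inventory:
        groups[status(track, version)].append(host)
    return groups


# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE_INVENTORY = [
    ("ws-001", "Continuous", "23.006.20320"),
    ("ws-002", "Continuous", "23.003.20284"),
    ("ws-003", "Classic 2020", "20.005.30524"),
    ("ws-004", "Classic 2020", "20.005.30516"),
    ("ws-005", "Continuous", "not installed"),
]
```

Hosts in the `unknown` group have a track the table does not list or a version string that could not be parsed, so they need a manual look rather than being counted as patched.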
Other Adobe Products Also Patched
In addition to the zero-day flaw in Acrobat and Reader, Adobe also patched two cross-site scripting vulnerabilities each in Adobe Connect (CVE-2023-29305 and CVE-2023-29306) and Adobe Experience Manager (CVE-2023-38214 and CVE-2023-38215) that could lead to arbitrary code execution.
Users of these products are advised to follow the instructions in the respective security bulletins to apply the updates.