Adobe’s Patch Tuesday update for September 2023 will come with a patch for a critical actively exploited security flaw in Acrobat and Reader that could allow an attacker to execute destructive code on vulnerable methods.
The vulnerability, tracked as CVE-2023-26369, is rated 7.8 for severity on the CVSS scoring system and impacts each Windows and macOS variations of Acrobat DC, Acrobat Reader DC, Acrobat 2020, and Acrobat Reader 2020.
Explained as an out-of-bounds generate, thriving exploitation of the bug could guide to code execution by opening a specially crafted PDF doc. Adobe did not disclose any additional details about the issue or the targeting included.
![Mullvad VPN Discount](https://thecybersecurity.news/data/2022/05/Mullvad-VPN-245x300.png)
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
“Adobe is knowledgeable that CVE-2023-26369 has been exploited in the wild in confined attacks concentrating on Adobe Acrobat and Reader,” the company acknowledged in an advisory.
Forthcoming WEBINARWay As well Susceptible: Uncovering the Condition of the Id Attack Floor
Achieved MFA? PAM? Support account defense? Find out how well-geared up your group genuinely is from identification threats
Supercharge Your Competencies
CVE-2023-26369 has an effect on the below variations –
- Acrobat DC (23.003.20284 and earlier variations) – Fastened in 23.006.20320
- Acrobat Reader DC (23.003.20284 and earlier versions) – Fixed in 23.006.20320
- Acrobat 2020 (20.005.30514 for Windows and previously variations, 20.005.30516 for macOS and earlier variations) – Mounted in 20.005.30524
- Acrobat Reader 2020 (20.005.30514 for Windows and before versions, 20.005.30516 for macOS and before versions) – Preset in 20.005.30524
Also patched by the software maker are two cross-web-site scripting flaws each individual in Adobe Hook up (CVE-2023-29305 and CVE-2023-29306) and Adobe Expertise Manager (CVE-2023-38214 and CVE-2023-38215) that could guide to arbitrary code execution.
Uncovered this short article interesting? Stick to us on Twitter and LinkedIn to read through much more exceptional articles we put up.
Some areas of this write-up are sourced from:
thehackernews.com