Adobe's Patch Tuesday update for September 2023 comes with a patch for a critical, actively exploited security flaw in Acrobat and Reader that could allow an attacker to execute malicious code on susceptible systems.
The vulnerability, tracked as CVE-2023-26369, is rated 7.8 for severity on the CVSS scoring system and impacts both Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, and Acrobat Reader 2020.
Described as an out-of-bounds write, successful exploitation of the bug could lead to code execution by opening a specially crafted PDF document. Adobe did not disclose any additional details about the issue or the targeting involved.
"Adobe is aware that CVE-2023-26369 has been exploited in the wild in limited attacks targeting Adobe Acrobat and Reader," the company acknowledged in an advisory.
CVE-2023-26369 affects the following versions:
- Acrobat DC (23.003.20284 and earlier versions) – Fixed in 23.006.20320
- Acrobat Reader DC (23.003.20284 and earlier versions) – Fixed in 23.006.20320
- Acrobat 2020 (20.005.30514 for Windows and earlier versions, 20.005.30516 for macOS and earlier versions) – Fixed in 20.005.30524
- Acrobat Reader 2020 (20.005.30514 for Windows and earlier versions, 20.005.30516 for macOS and earlier versions) – Fixed in 20.005.30524
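The version list above can be turned into a patch-triage check over a software inventory. The following is an added example, not code from Adobe or from the original article; the CSV layout (host, product, platform, version), the host names and the status labels are assumptions made for illustration. The product name is required because a version number alone does not say which of the two product lines an install belongs to.

```python
import csv
import re

# (last affected build, first fixed build) per product and platform, from the list above.
DC = {"windows": ((23, 3, 20284), (23, 6, 20320)),
      "macos": ((23, 3, 20284), (23, 6, 20320))}
A2020 = {"windows": ((20, 5, 30514), (20, 5, 30524)),
         "macos": ((20, 5, 30516), (20, 5, 30524))}
PRODUCTS = {"acrobat dc": DC, "acrobat reader dc": DC,
            "acrobat 2020": A2020, "acrobat reader 2020": A2020}

# Constructed sample inventory (host,product,platform,version); not real data.
SAMPLE = """\
ws-01,Acrobat Reader DC,Windows,23.003.20284
ws-02,Acrobat DC,macOS,23.006.20320
mac-07,Acrobat 2020,macOS,20.005.30516
ws-09,Acrobat Reader 2020,Windows,20.005.30516
ws-11,Acrobat Reader DC,Windows,2023.003
"""

def parse_version(text):
    """Turn '23.003.20284' into (23, 3, 20284) so builds compare numerically."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())

def classify(product, platform, version):
    """Return 'affected', 'fixed', 'unlisted' or 'unknown' for one install."""
    table = PRODUCTS.get(product.strip().lower())
    limits = table.get(platform.strip().lower()) if table else None
    if limits is None:
        return "unknown"  # product or platform not covered by the list
    try:
        build = parse_version(version)
    except ValueError:
        return "unknown"  # malformed version: needs manual review
    last_affected, first_fixed = limits
    if build <= last_affected:
        return "affected"
    if build >= first_fixed:
        return "fixed"
    return "unlisted"  # between the two builds: the list above does not say

def triage(inventory_text):
    """Map each host in a CSV inventory to its classification."""
    rows = csv.reader(inventory_text.splitlines())
    return {host: classify(prod, plat, ver) for host, prod, plat, ver in rows}
```

Calling `triage(SAMPLE)` flags `ws-09` as `unlisted`: build 20.005.30516 is listed as affected on macOS, but on Windows it falls between the last listed affected build and the fixed build, so it should be updated rather than assumed safe.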
Also patched by the software maker are two cross-site scripting flaws each in Adobe Connect (CVE-2023-29305 and CVE-2023-29306) and Adobe Experience Manager (CVE-2023-38214 and CVE-2023-38215) that could lead to arbitrary code execution.