Adobe Acrobat and Reader Zero-Day Vulnerability
History:
- 13/09/2023 - v1.0 - Initial publication
Summary
On September 12, 2023, Adobe released a security update that addresses a critical zero-day vulnerability that has been exploited in the wild. The vulnerability affects both Windows and macOS systems and is being tracked as CVE-2023-26369 [1].
Technical Details
Successful exploitation of this flaw could allow a local attacker to execute arbitrary code. According to its CVSSv3.1 score, the attack is low-complexity and requires no privileges, but it does require user interaction.
Affected Products
Product | Track | Affected Versions |
---|---|---|
Acrobat DC | Continuous | 23.003.20284 and earlier |
Acrobat Reader DC | Continuous | 23.003.20284 and earlier |
Acrobat 2020 | Classic 2020 | 20.005.30516 (Mac) and earlier / 20.005.30514 (Win) and earlier |
Acrobat Reader 2020 | Classic 2020 | 20.005.30516 (Mac) and earlier / 20.005.30514 (Win) and earlier |
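
One way to triage an install inventory against the table above, as an added example that is not part of the original advisory or Adobe's bulletin. The CSV layout, the hostnames, the versions not listed in the table and the short platform labels `win`/`mac` are assumptions made for the illustration.

```python
import csv
import io

# Highest affected version per (track, platform), copied from the table above.
AFFECTED_MAX = {
    ("continuous", "win"): (23, 3, 20284),
    ("continuous", "mac"): (23, 3, 20284),
    ("classic2020", "win"): (20, 5, 30514),
    ("classic2020", "mac"): (20, 5, 30516),
}

def parse_version(text):
    """Turn 'NN.NNN.NNNNN' into a tuple of ints so comparison is numeric."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(track, platform, version):
    """True if the version is at or below the affected ceiling for its track."""
    key = (track.replace(" ", "").lower(), platform.strip().lower())
    if key not in AFFECTED_MAX:
        raise ValueError(f"unknown track/platform: {key}")
    return parse_version(version) <= AFFECTED_MAX[key]

def triage(inventory_csv):
    """Split an inventory into (affected hosts, hosts needing manual review)."""
    affected, review = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        try:
            if is_affected(row["track"], row["platform"], row["version"]):
                affected.append(row["host"])
        except ValueError:
            # Unknown track or unparseable version: do not assume it is safe.
            review.append(row["host"])
    return affected, review

# Constructed inventory; hostnames and the non-table versions are made up.
SAMPLE = """host,track,platform,version
ws-01,Continuous,win,23.003.20284
ws-02,Continuous,win,23.4.1
mac-01,Classic 2020,mac,20.005.30515
ws-03,Classic 2020,win,20.005.30515
ws-04,Continuous,win,unknown
"""

if __name__ == "__main__":
    hosts, manual = triage(SAMPLE)
    print("affected:", hosts)
    print("manual review:", manual)
```

The Classic 2020 ceiling differs by platform, so the same version string can be affected on Mac and not on Windows; rows that cannot be classified are returned for manual review rather than treated as patched.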
Recommendations
Adobe recommends that users update their software installations to the latest versions as soon as possible, following the instructions provided in the Solution section of the Security Bulletin [1].
References
[1] https://helpx.adobe.com/security/products/acrobat/apsb23-34.html