Critical Zero-Day Exploit Detected in Adobe Acrobat and Reader
September 12, 2023
Adobe, the software giant, sounded the alarm on Tuesday about a new zero-day attack that is actively targeting users of its widely used Adobe Acrobat and Reader software. The company released this warning as part of its regular Patch Tuesday updates. The vulnerability being exploited is a remote one, tagged as CVE-2023-26369, which can be used to initiate code execution attacks. Adobe has described this vulnerability as an out-of-bounds write memory safety issue, which affects installations on both Windows and macOS.
The company stated in an advisory, “Successful exploitation could lead to arbitrary code execution. Adobe is aware that CVE-2023-26369 has been exploited in the wild in limited attacks targeting Adobe Acrobat and Reader.” However, Adobe did not provide specific details about the operating system that is being targeted by these attacks.
The patch for Adobe Acrobat and Reader was the main highlight of the Patch Tuesday release, which also included fixes for at least five known vulnerabilities across various products. Adobe also released a security update for Adobe Connect to address a couple of bugs that could potentially be exploited to launch arbitrary code execution attacks.
Additionally, Adobe issued a separate patch to rectify two known vulnerabilities in Adobe Experience Manager (AEM). The company warned that successful exploitation of these vulnerabilities could also lead to arbitrary code execution.
According to data tracked, there have been 64 documented zero-day attacks targeting a variety of software products so far this year.
Latest News
- Apple's Zero-Day Fix for Older iPhones: Backporting the BLASTPASS Solution
- Google Addresses Critical Chrome Zero-Day Vulnerability Reported by Apple and Spyware Researchers
- Iran's Charming Kitten Strikes Israeli Exchange Servers
- CISA Incorporates Apple Zero-Days Exploited by Pegasus Spyware into its Catalog of Known Exploited Vulnerabilities
- Iranian Hackers Deploy New 'Sponsor' Backdoor Malware Targeting 34 Organizations Globally
Like what you see?
Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.