Adobe, the software giant, sounded the alarm on Tuesday about a new zero-day attack that is actively targeting users of its widely used Adobe Acrobat and Reader software. The company released this warning as part of its regular Patch Tuesday updates. The vulnerability being exploited is a remote one, tagged as CVE-2023-26369, which can be used to initiate code execution attacks. Adobe has described this vulnerability as an out-of-bounds write memory safety issue, which affects installations on both Windows and macOS.
The company stated in an advisory, “Successful exploitation could lead to arbitrary code execution. Adobe is aware that CVE-2023-26369 has been exploited in the wild in limited attacks targeting Adobe Acrobat and Reader.” However, Adobe did not provide specific details about the operating system that is being targeted by these attacks.
The patch for Adobe Acrobat and Reader was the main highlight of the Patch Tuesday release, which also included fixes for at least five known vulnerabilities across various products. Adobe also released a security update for Adobe Connect to address a couple of bugs that could potentially be exploited to launch arbitrary code execution attacks.
Additionally, Adobe issued a separate patch to rectify two known vulnerabilities in Adobe Experience Manager (AEM). The company warned that successful exploitation of these vulnerabilities could also lead to arbitrary code execution.
According to data tracked, there have been 64 documented zero-day attacks targeting a variety of software products so far this year.