The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity flaw in Adobe Acrobat Reader to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2023-21608 (CVSS score: 7.8), the vulnerability has been described as a use-after-free bug that can be exploited to achieve remote code execution (RCE) with the privileges of the current user.
A patch for the flaw was released by Adobe in January 2023. HackSys security researchers Ashfaq Ansari and Krishnakant Patil were credited with finding and reporting the flaw.
The following versions of the software are affected:
- Acrobat DC – 22.003.20282 (Win), 22.003.20281 (Mac) and earlier versions (fixed in 22.003.20310)
- Acrobat Reader DC – 22.003.20282 (Win), 22.003.20281 (Mac) and earlier versions (fixed in 22.003.20310)
- Acrobat 2020 – 20.005.30418 and earlier versions (fixed in 20.005.30436)
- Acrobat Reader 2020 – 20.005.30418 and earlier versions (fixed in 20.005.30436)
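A small inventory-triage helper, added here as an example and not part of the original article: it compares installed Acrobat/Reader builds numerically against the fixed builds listed above, so that a build such as 22.003.9999 is not mis-ordered by a string comparison. Hostnames and the sample inventory are constructed for illustration.

```python
# Added example: flag Acrobat/Reader installs that predate the builds Adobe
# shipped to fix CVE-2023-21608 (fixed-build numbers taken from the article).
from typing import Dict, List, Tuple

# Product family -> first fixed build, as listed in the advisory text above.
FIXED_BUILDS: Dict[str, str] = {
    "Acrobat DC": "22.003.20310",
    "Acrobat Reader DC": "22.003.20310",
    "Acrobat 2020": "20.005.30436",
    "Acrobat Reader 2020": "20.005.30436",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '22.003.20282' into (22, 3, 20282) so ordering is numeric, not lexical."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Acrobat version format: {version!r}")
    return tuple(int(p) for p in parts)


def is_unpatched(product: str, version: str) -> bool:
    """True when the installed build is older than the fixed build for its family."""
    if product not in FIXED_BUILDS:
        raise KeyError(f"unknown product family: {product!r}")
    return parse_version(version) < parse_version(FIXED_BUILDS[product])


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return the (host, product, version) records that still need the patch."""
    return [rec for rec in inventory if is_unpatched(rec[1], rec[2])]


# Constructed sample inventory (hostnames are made up; builds come from the advisory).
SAMPLE_INVENTORY = [
    ("ws-001", "Acrobat Reader DC", "22.003.20282"),  # last affected Windows build
    ("ws-002", "Acrobat Reader DC", "22.003.20281"),  # last affected macOS build
    ("ws-003", "Acrobat Reader DC", "22.003.20310"),  # first fixed build
    ("ws-004", "Acrobat 2020", "20.005.30418"),       # last affected 2020-track build
    ("ws-005", "Acrobat 2020", "20.005.30436"),       # first fixed 2020-track build
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} predates the fix for CVE-2023-21608")
```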
Details surrounding the nature of the exploitation and the threat actors that may be abusing CVE-2023-21608 are currently unknown. A proof-of-concept (PoC) exploit for the flaw was made available in late January 2023.
CVE-2023-21608 is also the second Adobe Acrobat and Reader vulnerability to see in-the-wild exploitation after CVE-2023-26369, an out-of-bounds write issue that could result in code execution when a specially crafted PDF document is opened.
Federal Civilian Executive Branch (FCEB) agencies are required to apply the vendor-supplied patches by October 31, 2023, to secure their networks against potential threats.
Some parts of this article are sourced from:
thehackernews.com