Adobe’s Patch Tuesday update for September 2023 arrives with a patch for a critical actively exploited security flaw in Acrobat and Reader that could permit an attacker to execute malicious code on prone programs.
The vulnerability, tracked as CVE-2023-26369, is rated 7.8 for severity on the CVSS scoring procedure and impacts each Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, and Acrobat Reader 2020.
Described as an out-of-bounds publish, effective exploitation of the bug could direct to code execution by opening a specially crafted PDF document. Adobe did not disclose any further aspects about the issue or the targeting concerned.
“Adobe is knowledgeable that CVE-2023-26369 has been exploited in the wild in constrained attacks focusing on Adobe Acrobat and Reader,” the enterprise acknowledged in an advisory.
Forthcoming WEBINARWay Far too Susceptible: Uncovering the Point out of the Id Attack Area
Achieved MFA? PAM? Provider account defense? Discover out how perfectly-outfitted your organization actually is towards identity threats
Supercharge Your Skills
CVE-2023-26369 has an effect on the underneath versions –
- Acrobat DC (23.003.20284 and previously variations) – Set in 23.006.20320
- Acrobat Reader DC (23.003.20284 and before variations) – Fastened in 23.006.20320
- Acrobat 2020 (20.005.30514 for Windows and earlier versions, 20.005.30516 for macOS and earlier variations) – Set in 20.005.30524
- Acrobat Reader 2020 (20.005.30514 for Windows and before variations, 20.005.30516 for macOS and previously versions) – Fixed in 20.005.30524
Also patched by the software program maker are two cross-website scripting flaws each in Adobe Link (CVE-2023-29305 and CVE-2023-29306) and Adobe Practical experience Supervisor (CVE-2023-38214 and CVE-2023-38215) that could lead to arbitrary code execution.
Found this short article exciting? Follow us on Twitter and LinkedIn to study extra distinctive material we put up.
Some parts of this article are sourced from:
thehackernews.com