Adobe's Patch Tuesday update for September 2023 comes with a fix for an actively exploited critical security flaw in Acrobat and Reader that could allow an attacker to execute malicious code on sensitive systems.
The vulnerability, tracked as CVE-2023-26369, is rated 7.8 in severity on the CVSS rating system and affects Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, and Acrobat Reader 2020.
Described as an out-of-bounds write, successful exploitation of the bug could lead to code execution by opening a specially crafted PDF document. Adobe has not disclosed any additional details about the issue or the targeting involved.
“Adobe is aware that CVE-2023-26369 has been exploited in limited attacks targeting Adobe Acrobat and Reader,” the company said.
CVE-2023-26369 affects the following versions:
- Acrobat DC (23.003.20284 and earlier) – Fixed in 23.006.20320
- Acrobat Reader DC (23.003.20284 and earlier) – Fixed in 23.006.20320
- Acrobat 2020 (20.005.30514 for Windows and earlier, 20.005.30516 for macOS and earlier) – Fixed in 20.005.30524
- Acrobat Reader 2020 (20.005.30514 for Windows and earlier, 20.005.30516 for macOS and earlier) – Fixed in 20.005.30524
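The version list above can be turned into an inventory check. The following is an added example, not code from Adobe or from this article: the inventory rows and host names are constructed, and it assumes any build below the listed fixed build needs the update.

```python
from typing import List, Optional, Tuple

# Fixed builds for CVE-2023-26369 as listed in the article, keyed per product
# because the DC and 2020 tracks use different version ranges.
FIXED_BUILDS = {
    "acrobat dc": "23.006.20320",
    "acrobat reader dc": "23.006.20320",
    "acrobat 2020": "20.005.30524",
    "acrobat reader 2020": "20.005.30524",
}

def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn '23.003.20284' into (23, 3, 20284); return None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(product: str, version: str) -> str:
    """Classify one install as 'vulnerable', 'patched' or 'unknown'."""
    fixed = FIXED_BUILDS.get(" ".join(product.lower().split()))
    installed = parse_version(version)
    if fixed is None or installed is None:
        # Never report 'patched' for data that could not be interpreted.
        return "unknown"
    # Assumption: every build below the fixed build still needs the update.
    # Numeric comparison matters: '23.6.20320' equals '23.006.20320'.
    return "patched" if installed >= parse_version(fixed) else "vulnerable"

# Constructed sample inventory (host, product, version); not real data.
SAMPLE_INVENTORY = [
    ("ws-001", "Acrobat Reader DC", "23.003.20284"),
    ("ws-002", "Acrobat DC", "23.6.20320"),
    ("mac-003", "Acrobat 2020", "20.005.30516"),
    ("ws-004", "Acrobat Reader 2020", "20.005.30524"),
    ("ws-005", "Acrobat DC", "unknown-build"),
]

def report(inventory) -> List[Tuple[str, str, str, str]]:
    """Attach a triage status to every inventory row."""
    return [(h, p, v, triage(p, v)) for h, p, v in inventory]

if __name__ == "__main__":
    for host, product, version, status in report(SAMPLE_INVENTORY):
        print(f"{host:8} {product:20} {version:14} {status}")
```

Rows reported as "unknown" should be checked by hand rather than treated as patched.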
The software maker also fixed two cross-site scripting vulnerabilities each in Adobe Connect (CVE-2023-29305 and CVE-2023-29306) and Adobe Experience Manager (CVE-2023-38214 and CVE-2023-38215), which could lead to the execution of arbitrary code.