High Threat Security Alert (A23-09-09): Vulnerability in Adobe Reader/Acrobat


 

Published on: 13 September 2023

  
  

Description:

Security updates are released for Adobe Reader and Acrobat to address a vulnerability. A remote attacker would entice a targeted user to open a specially crafted PDF file to exploit the vulnerability.

Reports indicated that the arbitrary code execution vulnerability (CVE-2023-26369) in Adobe Reader and Acrobat is being exploited in the wild. Users are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • Acrobat DC (for Windows and macOS) Continuous 23.003.20284 and earlier versions
  • Acrobat Reader DC (for Windows and macOS) Continuous 23.003.20284 and earlier versions
  • Acrobat 2020 (for Windows) Classic 2020 20.005.30514 and earlier versions
  • Acrobat 2020 (for macOS) Classic 2020 20.005.30516 and earlier versions
  • Acrobat Reader 2020 (for Window) Classic 2020 20.005.30514 and earlier versions
  • Acrobat Reader 2020 (for macOS) Classic 2020 20.005.30516 and earlier versions

 

Impact:

A successful exploitation could lead to arbitrary code execution on an affected system.

 

Recommendation:

Users of affected systems should update the Adobe Reader and Acrobat to the following versions to address the issues. The updates can be obtained by using the auto-update mechanism or by downloading at the following URLs:

  • Acrobat DC (for Windows and macOS) Continuous 23.006.20320
    https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/index.html#continuous-track
  • Acrobat Reader DC (for Windows and macOS) Continuous 23.006.20320
    https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/index.html#continuous-track
  • Acrobat 2020 (for Windows and macOS) Classic 2020 20.005.30524
    https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/index.html#classic-track
  • Acrobat Reader 2020 (for Windows and macOS) Classic 2020 20.005.30524
    https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/index.html#classic-track

 

More Information:

  • https://helpx.adobe.com/security/products/acrobat/apsb23-34.html
  • https://www.hkcert.org/security-bulletin/adobe-monthly-security-update-september-2023
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26369


Tag: Adobe , Acrobat , Acrobat Reader , Adobe Reader
Tags