Adobe fixed actively exploited zero-day in Acrobat and Reader

Software giant Adobe is warning of a critical security vulnerability in its Acrobat and Reader PDF software that is actively exploited in the wild.

Adobe Patch Tuesday security updates (APSB23-34) addressed a critical zero-day vulnerability actively exploited in the wild in attacks on Adobe Acrobat and Reader products.

The vulnerability, tracked as CVE-2023-26369, is an out-of-bounds write memory safety issue that can be exploited to execute arbitrary code on vulnerable installs.

“Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses a critical vulnerability. Successful exploitation could lead to arbitrary code execution,” reads the advisory.

“Adobe is aware that CVE-2023-26369 has been exploited in the wild in limited attacks targeting Adobe Acrobat and Reader.”

The vulnerability affects both Windows and macOS installations. Below is the list of affected versions:

| Product | Track | Affected Versions | Platform |
|---|---|---|---|
| Acrobat DC | Continuous | 23.003.20284 and earlier versions | Windows & macOS |
| Acrobat Reader DC | Continuous | 23.003.20284 and earlier versions | Windows & macOS |
| Acrobat 2020 | Classic 2020 | 20.005.30516 (Mac), 20.005.30514 (Win) and earlier versions | Windows & macOS |
| Acrobat Reader 2020 | Classic 2020 | 20.005.30516 (Mac), 20.005.30514 (Win) and earlier versions | Windows & macOS |
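
The affected-version thresholds listed above can be checked against a software inventory. The Python sketch below is an added example, not code from Adobe or from the original article; the inventory format, hostnames, track labels and function names are assumptions, and the release track is taken as an input rather than inferred from the version number.

```python
# Added example: thresholds copied from the affected-versions list above.
# A build at or below the threshold for its track and platform is affected.
AFFECTED_MAX = {
    ("continuous", "windows"): "23.003.20284",
    ("continuous", "macos"): "23.003.20284",
    ("classic2020", "windows"): "20.005.30514",
    ("classic2020", "macos"): "20.005.30516",
}

def parse_version(text):
    """Turn 'NN.NNN.NNNNN' into a tuple of ints so comparison is numeric."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(track, platform, version):
    """True if the build falls in the range listed as affected by CVE-2023-26369."""
    key = (track.lower(), platform.lower())
    if key not in AFFECTED_MAX:
        raise KeyError(f"no table row for track/platform {key}")
    return parse_version(version) <= parse_version(AFFECTED_MAX[key])

def triage(inventory_csv):
    """Classify 'host,track,platform,version' lines; bad rows go to 'unknown'."""
    result = {"affected": [], "ok": [], "unknown": []}
    for line in inventory_csv.strip().splitlines():
        fields = [f.strip() for f in line.split(",")]
        try:
            host, track, platform, version = fields
            bucket = "affected" if is_affected(track, platform, version) else "ok"
        except (ValueError, KeyError):
            host, bucket = fields[0], "unknown"
        result[bucket].append(host)
    return result

# Constructed sample inventory (hostnames and builds are made up for the demo).
SAMPLE = """
ws-01,continuous,windows,23.003.20284
ws-02,continuous,windows,23.004.00001
mac-01,classic2020,macos,20.005.30516
mac-02,classic2020,macos,20.005.30600
ws-03,classic2020,windows,20.005.30515
ws-04,continuous,windows,unknown
"""

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(hosts)}")
```

Rows that cannot be parsed land in `unknown` so they are reviewed by hand instead of being silently treated as unaffected.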

Pierluigi Paganini

The post Adobe fixed actively exploited zero-day in Acrobat and Reader appeared first on Security Affairs.
