Software program maker Adobe on Tuesday raised an alarm about new in-the-wild zero-day assaults hitting customers of its extensively deployed Adobe Acrobat and Reader product.
As a part of its scheduled batch of Patch Tuesday updates, Adobe warned that hackers are exploiting a remotely exploitable vulnerability — CVE-2023-26369 — to launch code execution assaults.
Adobe describes the flaw as an out-of-bounds write reminiscence security situation affecting each Home windows and macOS installations.
“Profitable exploitation may result in arbitrary code execution. Adobe is conscious that CVE-2023-26369 has been exploited within the wild in restricted assaults focusing on Adobe Acrobat and Reader,” the corporate stated in an advisory.
Adobe didn’t specify which working system is being focused by in-the-wild attackers.
The Adobe Acrobat and Reader patch headlines a Patch Tuesday launch that gives fixes for at the least 5 documented flaws throughout a number of merchandise.
The corporate additionally pushed out a security replace for Adobe Join to repair a pair of bugs that could possibly be exploited to launch arbitrary code execution assaults.
A separate patch was rolled out to repair two documented flaws in Adobe Expertise Supervisor (AEM) and warned that profitable exploitation of those vulnerabilities may lead to arbitrary code execution.
Thus far this yr, there has 64 documented in-the-wild zero-day assaults hitting a variety of software program merchandise, based on knowledge tracked by information.killnetswitch.