Adobe’s Patch Tuesday replace for September 2023 comes with a patch for a essential actively exploited security flaw in Acrobat and Reader that might allow an attacker to execute malicious code on vulnerable methods.
The vulnerability, tracked as CVE-2023-26369, is rated 7.8 for severity on the CVSS scoring system and impacts each Home windows and macOS variations of Acrobat DC, Acrobat Reader DC, Acrobat 2020, and Acrobat Reader 2020.
Described as an out-of-bounds write, profitable exploitation of the bug may result in code execution by opening a specifically crafted PDF doc. Adobe didn’t disclose any extra particulars concerning the subject or the focusing on concerned.
“Adobe is conscious that CVE-2023-26369 has been exploited within the wild in restricted assaults focusing on Adobe Acrobat and Reader,” the corporate acknowledged in an advisory.
CVE-2023-26369 impacts the under variations –
- Acrobat DC (23.003.20284 and earlier variations) – Mounted in 23.006.20320
- Acrobat Reader DC (23.003.20284 and earlier variations) – Mounted in 23.006.20320
- Acrobat 2020 (20.005.30514 for Home windows and earlier variations, 20.005.30516 for macOS and earlier variations) – Mounted in 20.005.30524
- Acrobat Reader 2020 (20.005.30514 for Home windows and earlier variations, 20.005.30516 for macOS and earlier variations) – Mounted in 20.005.30524
Additionally patched by the software program maker are two cross-site scripting flaws every in Adobe Join (CVE-2023-29305 and CVE-2023-29306) and Adobe Expertise Supervisor (CVE-2023-38214 and CVE-2023-38215) that might result in arbitrary code execution.
