Critical Zero-Day Vulnerability in Adobe Acrobat and Reader

Introduction

In the ever-evolving landscape of cybersecurity, threats emerge that challenge the safety and security of both individual users and organizations. One such recent threat involves a zero-day vulnerability in Adobe Acrobat and Reader. This advisory, presented by Enterprotect, aims to provide comprehensive information about this vulnerability, its implications, and the steps that can be taken to mitigate the risks associated with it.

What is the Threat?

Adobe has released security updates addressing a zero-day vulnerability, tracked as CVE-2023-26369, which has been exploited in targeted attacks against Adobe Acrobat and Reader. This critical flaw is an out-of-bounds write that, when successfully exploited, lets an attacker run arbitrary code. Adobe has also patched vulnerabilities in Adobe Connect and Adobe Experience Manager, tracked as CVE-2023-29305, CVE-2023-29306, CVE-2023-38214, and CVE-2023-38215. These vulnerabilities can be used for reflected cross-site scripting (XSS) attacks.

Why is it Noteworthy?

Several factors make this vulnerability particularly alarming:

  1. Active Exploitation: The zero-day vulnerability, CVE-2023-26369, is currently being exploited by malicious actors. This emphasizes the urgent need for mitigation as attackers are taking advantage of this vulnerability before patches are widely applied.

  2. Severe Risk: The out-of-bounds write vulnerability presents a significant threat, allowing unauthorized code execution. This type of vulnerability has been the root cause of many actively exploited threats in the past.

  3. Additional Threats: The security vulnerabilities in Adobe Connect and Adobe Experience Manager make users susceptible to reflected XSS attacks, which can compromise sensitive data stored in browsers.

  4. Historical Context: Adobe's past encounters with zero-day vulnerabilities highlight the ongoing challenges in software security, emphasizing the necessity for proactive cybersecurity measures.

What is the Exposure or Risk?

The risks associated with these vulnerabilities are multi-faceted:

  1. CVE-2023-26369 Exposure: Organizations using Adobe Acrobat and Reader, especially on Windows and macOS platforms, are vulnerable. The vulnerability can be exploited with relatively low complexity, but it requires local access and user interaction. Immediate patch application is crucial to reduce the risk.

  2. Adobe Connect and Experience Manager Exposure: Users of Adobe Connect and Adobe Experience Manager are at risk of XSS attacks due to the newly patched vulnerabilities. These attacks can lead to data theft or compromise of confidential information.

  3. Overall Risk: An actively exploited zero-day, combined with the other security issues, underlines the importance of regularly updating software and systems with the latest security patches. Neglecting to do so can result in data breaches, unauthorized access, and disruptions in system operations.

Affected Products and Versions:

  • Acrobat DC (Continuous): 23.003.20284 and earlier

  • Acrobat Reader DC (Continuous): 23.003.20284 and earlier

  • Acrobat 2020 (Classic 2020): 20.005.30516 (Mac) and earlier, 20.005.30514 (Win) and earlier

  • Acrobat Reader 2020 (Classic 2020): 20.005.30516 (Mac) and earlier, 20.005.30514 (Win) and earlier
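
The version ceilings listed above can be checked against a software inventory. The script below is an added example, not part of the Enterprotect advisory or any Adobe tooling; the inventory columns, track labels and host names are assumptions, and the sample rows are constructed.

```python
import csv
import io

# Highest affected version per (track, platform), copied from the list above.
AFFECTED_MAX = {
    ("continuous", "win"): "23.003.20284",
    ("continuous", "mac"): "23.003.20284",
    ("classic2020", "win"): "20.005.30514",
    ("classic2020", "mac"): "20.005.30516",
}

def parse_version(text):
    """Turn '20.005.30514' into (20, 5, 30514) so components compare numerically."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)

def classify(track, platform, version):
    """Return 'affected', 'above-range' or 'unknown' for one installation."""
    ceiling = AFFECTED_MAX.get((track.strip().lower(), platform.strip().lower()))
    if ceiling is None:
        return "unknown"  # track/platform is not in the advisory's list
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"  # bad inventory data is flagged, never treated as safe
    return "affected" if installed <= parse_version(ceiling) else "above-range"

def audit(inventory_csv):
    """Return (host, product, version, status) for every inventory row."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["host"], r["product"], r["version"],
             classify(r["track"], r["platform"], r["version"])) for r in rows]

# Constructed sample inventory (hypothetical hosts, columns and build numbers).
SAMPLE = """\
host,product,track,platform,version
ws-001,Acrobat Reader DC,continuous,win,23.003.20284
ws-002,Acrobat DC,continuous,win,23.004.10000
mac-003,Acrobat 2020,classic2020,mac,20.005.30516
ws-004,Acrobat Reader 2020,classic2020,win,20.005.30516
ws-005,Acrobat Reader DC,continuous,win,23.3.20284
ws-006,Acrobat Reader DC,continuous,win,n/a
"""

if __name__ == "__main__":
    for host, product, version, status in audit(SAMPLE):
        print(f"{host:8} {product:20} {version:14} {status}")
```

"above-range" only means the build is higher than the ceiling listed in this advisory; rows reported as "unknown" need manual review.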

What are the Recommendations?

Enterprotect strongly advises the following measures:

  • Promptly Update: Apply security updates to the affected software versions. The most recent product versions are accessible to users through several methods:

    • Manually update product installations by selecting Help > Check for Updates.

    • Allow the products to update automatically when updates are detected, without user intervention.

    • Download the full Acrobat Reader installer from the Acrobat Reader Download Center.
