Update Adobe Acrobat and Reader to Address Actively Exploited Vulnerability

Adobe has issued a critical security patch as part of its September 2023 Patch Tuesday update, addressing a severe vulnerability in Acrobat and Reader software. The flaw, identified as CVE-2023-26369, poses a substantial risk by allowing attackers to execute malicious code on vulnerable systems, specifically those running on Windows and macOS.

Rated with a severity score of 7.8 on the Common Vulnerability Scoring System (CVSS), this out-of-bounds write vulnerability affects multiple versions of Adobe’s PDF software, including Acrobat DC, Acrobat Reader DC, Acrobat 2020, and Acrobat Reader 2020. By exploiting this vulnerability, threat actors can execute arbitrary code simply by convincing users to open a specially crafted PDF document.

Adobe has confirmed that CVE-2023-26369 has already been exploited in limited real-world attacks targeting Acrobat and Reader. The company has refrained from disclosing specific details about the nature or extent of these attacks but has emphasized the urgency of applying the provided patches to mitigate potential risks.

The affected versions include Acrobat DC and Acrobat Reader DC, which both include versions up to 23.003.20284; the fix was rolled out in version 23.006.20320. For Acrobat 2020 and Acrobat Reader 2020, any versions prior to 20.005.30524 for Windows and 20.005.30516 for macOS are also at risk.

Additionally, Adobe has addressed two cross-site scripting vulnerabilities in Adobe Connect and Adobe Experience Manager. These vulnerabilities, classified as CVE-2023-29305 and CVE-2023-29306 for Connect, and CVE-2023-38214 and CVE-2023-38215 for Experience Manager, could similarly lead to arbitrary code execution.

Organizations are advised to prioritize the installation of these updates to safeguard against potential exploitation, particularly given the increasing trend of targeting software vulnerabilities. The attack vector employed in the CVE-2023-26369 incident may align with several tactics outlined in the MITRE ATT&CK framework, specifically, the initial access tactic, which highlights methods for gaining entry into a system, combined with the execution tactic, indicative of the ability to run malicious code once access is gained.

Understanding the exploitability of such vulnerabilities is critical for business owners seeking to fortify their cybersecurity posture. As adversaries continually refine their tactics, maintaining up-to-date software and awareness of current threats remain indispensable in defending against potential attacks.