Update Adobe Acrobat and Reader to Patch Actively Exploited Vulnerability

14-09-2023
Share
Update Adobe Acrobat and Reader to Patch Actively Exploited Vulnerability

Adobe’s Patch Tuesday update for September 2023 comes with a patch for a critical actively exploited security flaw in Acrobat and Reader that could permit an attacker to execute malicious code on susceptible systems.

The vulnerability, tracked as CVE-2023-26369, is rated 7.8 for severity on the CVSS scoring system and impacts both Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, and Acrobat Reader 2020.

“Adobe is aware that CVE-2023-26369 has been exploited in the wild in limited attacks targeting Adobe Acrobat and Reader,” the company acknowledged in an advisory.

CVE-2023-26369 affects the below versions –

  • Acrobat DC (23.003.20284 and earlier versions) – Fixed in 23.006.20320
  • Acrobat Reader DC (23.003.20284 and earlier versions) – Fixed in 23.006.20320
  • Acrobat 2020 (20.005.30514 for Windows and earlier versions, 20.005.30516 for macOS and earlier versions) – Fixed in 20.005.30524
  • Acrobat Reader 2020 (20.005.30514 for Windows and earlier versions, 20.005.30516 for macOS and earlier versions) – Fixed in 20.005.30524

Also patched by the software maker are two cross-site scripting flaws each in Adobe Connect (CVE-2023-29305 and CVE-2023-29306) and Adobe Experience Manager (CVE-2023-38214 and CVE-2023-38215) that could lead to arbitrary code execution.

 

Source: https://thehackernews.com/