Adobe's Patch Tuesday update for September 2023 comes with a patch for a critical, actively exploited security flaw in Acrobat and Reader that could permit an attacker to execute malicious code on susceptible systems.
The vulnerability, tracked as CVE-2023-26369, is rated 7.8 for severity on the CVSS scoring system and impacts both Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, and Acrobat Reader 2020.
Described as an out-of-bounds write, successful exploitation of the bug could lead to code execution by opening a specially crafted PDF document. Adobe did not disclose any further details about the issue or the targeting involved.
"Adobe is aware that CVE-2023-26369 has been exploited in the wild in limited attacks targeting Adobe Acrobat and Reader," the company acknowledged in an advisory.
CVE-2023-26369 affects the below versions -
- Acrobat DC (23.003.20284 and earlier versions) - Fixed in 23.006.20320
- Acrobat Reader DC (23.003.20284 and earlier versions) - Fixed in 23.006.20320
- Acrobat 2020 (20.005.30514 for Windows and earlier versions, 20.005.30516 for macOS and earlier versions) - Fixed in 20.005.30524
- Acrobat Reader 2020 (20.005.30514 for Windows and earlier versions, 20.005.30516 for macOS and earlier versions) - Fixed in 20.005.30524
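One way to triage a software inventory against the version list above. This is an added example, not part of the original article or Adobe tooling; the function names, status labels, hostnames and inventory rows are assumptions made for illustration, and only the version numbers come from the list.

```python
# Added example. Version data is copied from the list above.
# Key: (product, platform) -> (last affected build, first fixed build).
ADVISORY = {}
for product in ("Acrobat DC", "Acrobat Reader DC"):
    for platform in ("windows", "macos"):
        ADVISORY[(product, platform)] = ("23.003.20284", "23.006.20320")
for product in ("Acrobat 2020", "Acrobat Reader 2020"):
    ADVISORY[(product, "windows")] = ("20.005.30514", "20.005.30524")
    ADVISORY[(product, "macos")] = ("20.005.30516", "20.005.30524")


def parse_version(text):
    """Turn 'NN.NNN.NNNNN' into a tuple of ints so comparison is numeric."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(int(p) for p in parts)


def triage(product, platform, version):
    """Classify one install against the CVE-2023-26369 version list."""
    key = (product, platform.lower())
    if key not in ADVISORY:
        return "not-listed"          # product is not in the list above
    last_affected, first_fixed = (parse_version(v) for v in ADVISORY[key])
    installed = parse_version(version)
    if installed <= last_affected:
        return "affected"
    if installed >= first_fixed:
        return "fixed"
    # Between the two builds the list says nothing: schedule the update.
    return "unconfirmed"


# Constructed inventory rows: (host, product, platform, installed version).
INVENTORY = [
    ("ws-001", "Acrobat Reader DC", "Windows", "23.003.20284"),
    ("ws-002", "Acrobat DC", "Windows", "23.006.20320"),
    ("ws-003", "Acrobat 2020", "Windows", "20.005.30516"),
    ("mac-014", "Acrobat 2020", "macOS", "20.005.30516"),
]


def report(rows):
    """Map each host to its triage status."""
    return {host: triage(prod, plat, ver) for host, prod, plat, ver in rows}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

The same 2020 build number is classified differently on Windows and macOS because the list gives a separate last-affected build per platform.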
Also patched by the software maker are two cross-site scripting flaws each in Adobe Connect (CVE-2023-29305 and CVE-2023-29306) and Adobe Experience Manager (CVE-2023-38214 and CVE-2023-38215) that could lead to arbitrary code execution.