Actively exploited Adobe Acrobat, Reader zero-day addressed

Adobe has released a fix for a new zero-day vulnerability impacting its Acrobat and Reader offerings, which has been actively exploited in limited attacks, as part of this month's Patch Tuesday security update, reports SecurityWeek. Both Windows and macOS implementations of Acrobat and Reader are affected by the flaw, tracked as CVE-2023-26369, which could be leveraged to facilitate arbitrary code execution, according to Adobe. At least five other security flaws impacting other Adobe products have also been addressed in the security update, including a pair of flaws in Adobe Connect, which could be abused to enable arbitrary code execution attacks. Moreover, two other flaws in Adobe Experience Manager, which could also be exploited for arbitrary code execution attacks, were also fixed in a separate patch. Data monitored by SecurityWeek revealed that attacks involving active exploitation of zero-day security bugs across a variety of software solutions have already totaled 64 so far this year.