Patch/Configuration Management, Vulnerability Management

High-severity Adobe Acrobat Reader bug added to KEV catalog

Attacks targeting a high-severity use-after-free flaw in Adobe Acrobat Reader, tracked as CVE-2023-21608, have prompted the Cybersecurity and Infrastructure Security Agency to add the bug to its Known Exploited Vulnerabilities catalog, reports The Hacker News. Threat actors could leverage the already addressed vulnerability, which affects various versions of Acrobat DC and Acrobat Reader DC for Windows and Mac, as well as Acrobat 2020 and Acrobat Reader 2020, to facilitate remote code execution with escalated privileges. No further information has been provided about the kind of attacks or the threat actors exploiting the bug, but CISA called on federal agencies to remediate the flaw by Oct. 31 using patches that have been available since January. Active exploitation of CVE-2023-21608 comes after threat actors launched attacks leveraging an out-of-bounds write issue in Adobe Acrobat and Reader, tracked as CVE-2023-26369, which enables code execution from specially crafted PDF files.
