Adobe recently released a warning to its users about newly detected zero-day attacks. According to the software organization, hackers are exploiting a vulnerability identified as CVE-2023-26369 within the popular Adobe Acrobat and Reader product through an out-of-bounds write weakness. As your expert cybersecurity advisor, BARR recommends reviewing Adobe’s security updates that address the vulnerability and updating your software as soon as possible.
While Adobe did not specify which operating system in-the-wild attackers are targeting, the company advised that “successful exploitation could lead to arbitrary code execution,” further stating, “Adobe is aware that the vulnerability has been exploited in the wild in limited attacks targeting Adobe Acrobat and Reader.”
Adobe considers these attacks a critical vulnerability on their severity ranking, which means if exploited, the issue would allow for malicious native code to be executed, potentially without a user being aware.
To be proactive, Adobe released security updates for Adobe Acrobat and Reader for Windows and macOS. Let’s look at the details from Adobe’s security bulletin to help you and your organization quickly address the vulnerability.
Adobe’s security updates impact specific versions in both Windows and macOS installations, including:
Adobe categorized these updates as a Priority 1 within their security ratings—a ranking system based on historical attack patterns, the type of vulnerability, the platforms affected, and any potential mitigations in place.
Priority 1 rankings mean the updates resolve targeted vulnerabilities, or those with a higher risk of being targeted by exploits in the wild, for a given product version and platform.
Because threat actors are actively exploiting the zero-day vulnerability, Adobe emphasizes the need for immediate mitigation, recommending users and IT admins update their software installations to the latest versions as soon as possible.
Take a look at the following instructions on how to successfully update your Adobe software:
Contact us to speak with an expert who can help your organization protect itself from critical vulnerabilities.