Adobe PDF Creator Zero-day Vulnerability Exploited in the Wild

Adobe has printed a security replace for Adobe Acrobat PDF and Reader for Windows and macOS as phase of its in sort Patch Tuesday updates.

This patch fixes a ‘Serious’ vulnerability, which may allow an attacker to bustle malicious code on unprotected PCs.

“Adobe is conscious that CVE-2023-26369 has been exploited in the wild in restricted assaults focusing on Adobe Acrobat and Reader”, Adobe talked about in its security advisory. Successful exploitation may per chance lead on to arbitrary code execution.

Vulnerability Main points

The vulnerability, identified as CVE-2023-26369, has a severity rating of 7.8 on the CVSS scoring plot and is an out-of-bounds write vulnerability.

Efficiently exploiting the flaw may lead to arbitrary code execution when a specifically created PDF document is opened in the most recent user’s context.

This verbalize impacts installations on each Windows and macOS. Adobe did no longer provide further data on the verbalize or the connected focusing on.

Affected Versions

Adobe assigned CVE-2023-26369 the best priority rating and extremely told administrators to spend the patch as almost straight away as that that that it’s possible you’ll per chance also factor in.

Notably, Adobe has also addressed two wicked-spot scripting vulnerabilities that may result in arbitrary code execution in Adobe Connect, tracked as (CVE-2023-29305 and CVE-2023-29306) and Adobe Skills Supervisor, tracked as (CVE-2023-38214 and CVE-2023-38215).

To this point this twelve months, there were 64 recorded zero-day assaults focusing on a diversity of utility products, in preserving with data restful.