Some versions of Adobe’s Acrobat Reader PDF editor are vulnerable to a high-severity flaw that threat actors are using to execute malicious code on target endpoints remotely.
The alarm was sounded by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which urged users to apply the patch and protect their premises immediately.
The flaw, discovered by HackSys researchers Ashfaq Ansari and Krishnakant Patil, is described as a use-after-free bug and is being tracked as CVE-2023-21608. It carries a severity score of 7.8 (High) and can be abused by having the victim run a malicious file on the target endpoint.
Abuse in the wild
The flaw affects multiple products and versions, including Acrobat DC – 22.003.20282 (Windows), 22.003.20281 (Mac), and earlier versions (addressed in 22.003.20310); Acrobat Reader DC – 22.003.20282 (Windows), 22.003.20281 (Mac), and earlier versions (addressed in 22.003.20310), Acrobat 2020 – 20.005.30418 and earlier versions (addressed in 20.005.30436); and Acrobat Reader 2020 – 20.005.30418 and earlier versions (addressed in 20.005.30436).
CISA said that the flaw is being “actively exploited” without elaborating further, meaning besides knowing hackers are abusing the flaw, we don’t know which groups are abusing it, or against which entities – or even how many organizations are affected.
This is the second vulnerability discovered in Adobe Acrobat and Reader this year, with evidence of abuse in the wild. A month ago, news broke of CVE-2023-26369, a vulnerability whose “successful exploitation could lead to arbitrary code execution.”
To run the malware, the victim was required to open a specially crafted PDF document. Federal Civilian Executive Branch (FCEB) agencies should apply the available patches by the end of October this year.
Via The Hacker News
More from TechRadar Pro
Services Marketplace – Listings, Bookings & Reviews