Adobe Acrobat and Reader zero-day flaw under active exploitation

Target Industry

Indiscriminate, opportunistic targeting.

Overview

Adobe has released security updates for a zero-day vulnerability, tracked as CVE-2023-26369 (CVSSv3 score: 7.8), that is under active exploitation. The flaw can be exploited in low-complexity attacks without any prior privileges, but its attack vector is local and it requires user interaction: for a document reader this typically means a victim opening a crafted PDF delivered by email or download.

Impact

Successful exploitation of CVE-2023-26369 triggers an out-of-bounds write and can result in arbitrary code execution in the context of the user who opened the file. Because the affected products sit on end-user workstations, this is an initial-access vector rather than a server-side issue, and the attacker's code runs with whatever rights and network access that user has.

Vulnerability Detection

Adobe has released a security update for CVE-2023-26369; installations at or below the builds listed under Affected Products remain vulnerable. Detection is therefore an inventory exercise: collect the installed version of every Acrobat and Reader instance and compare it against the affected build for its track (Continuous or Classic 2020) and operating system, noting that the Classic 2020 cut-off differs between Windows and macOS.

Affected Products

The product versions affected by CVE-2023-26369, on both Windows and macOS, are:

  • Acrobat DC (Continuous Track) – version 23.003.20284 and prior
  • Acrobat Reader DC (Continuous Track) – version 23.003.20284 and prior
  • Acrobat 2020 (Classic 2020 Track) – version 20.005.30516 (Mac) and prior; 20.005.30514 (Windows) and prior
  • Acrobat Reader 2020 (Classic 2020 Track) – version 20.005.30516 (Mac) and prior; 20.005.30514 (Windows) and prior

Containment, Mitigations & Remediations

It is strongly recommended that administrators install the relevant update as soon as possible, ideally within 72 hours (Adobe's Priority 1 rating). Affected products update automatically by default when a new release is detected; users can also update manually via "Help" > "Check for Updates". Where a managed estate disables automatic updates, the patch should be pushed through the usual software-distribution channel rather than left to individual users. Until the update is deployed, keep the product sandbox enabled (Protected Mode in Acrobat Reader, Protected View in Acrobat) and treat unsolicited PDF attachments with suspicion; the sandbox limits what a successful out-of-bounds write can reach but is not a substitute for patching.
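The version triage described in the Vulnerability Detection, Affected Products and remediation sections above, as an added example rather than code from the bulletin or from Adobe: it encodes the Affected Products cut-offs, classifies inventory rows as vulnerable, patched or needing review, and on Windows can read installed versions from the Uninstall registry keys. The track-inference rule (20.x is Classic 2020, 21.x and later is Continuous), the hostnames and the version strings in the sample inventory are assumptions constructed for the example.

```python
"""Triage Adobe Acrobat / Reader versions against the CVE-2023-26369 affected builds.

Added example for this bulletin; it is not Adobe's code. The affected-build table is
copied from the Affected Products list. The track-inference rule and the sample
inventory are assumptions made for the example.
"""
import sys
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Highest affected build per (track, platform), from the bulletin. Acrobat and Reader
# on the same track share version numbers, so one entry covers both products.
AFFECTED_MAX: Dict[Tuple[str, str], Version] = {
    ("continuous", "windows"): (23, 3, 20284),
    ("continuous", "macos"): (23, 3, 20284),
    ("classic2020", "windows"): (20, 5, 30514),
    ("classic2020", "macos"): (20, 5, 30516),
}


def parse_version(text: str) -> Version:
    """'23.003.20284' -> (23, 3, 20284). Tuples compare numerically, so the zero-padded
    middle field and the varying width of the build field cause no ordering problems."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Adobe version string: {text!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2]))


def infer_track(version: Version) -> str:
    """Assumption: 20.x builds are Classic 2020, 21.x and newer are Continuous. Older
    majors (e.g. Classic 2017, 17.x) are out of support and get no entry in the table."""
    if version[0] == 20:
        return "classic2020"
    if version[0] >= 21:
        return "continuous"
    return "unsupported"


def assess(version_text: str, platform: str) -> str:
    """Return 'vulnerable', 'patched' or 'review'.

    'patched' means strictly newer than the highest affected build, consistent with the
    bulletin's 'and prior' wording. 'review' flags a track the table does not cover,
    which on a live estate usually means an end-of-life install that needs replacing."""
    version = parse_version(version_text)
    key = (infer_track(version), platform.lower())
    if key not in AFFECTED_MAX:
        return "review"
    return "vulnerable" if version <= AFFECTED_MAX[key] else "patched"


def triage(inventory: List[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    """Group hostnames by status. Inventory rows are (host, platform, version string)."""
    result: Dict[str, List[str]] = {"vulnerable": [], "patched": [], "review": []}
    for host, platform, version_text in inventory:
        result[assess(version_text, platform)].append(host)
    return result


def windows_acrobat_versions() -> List[str]:
    """Read DisplayVersion for every 'Adobe Acrobat*' entry under the Uninstall registry
    keys (64-bit and WOW6432Node views). Only meaningful on Windows; returns [] elsewhere."""
    if sys.platform != "win32":
        return []
    import winreg  # Windows-only standard-library module
    found: List[str] = []
    path = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
    for view in (winreg.KEY_WOW64_64KEY, winreg.KEY_WOW64_32KEY):
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path, 0, winreg.KEY_READ | view) as root:
            for i in range(winreg.QueryInfoKey(root)[0]):
                try:
                    with winreg.OpenKey(root, winreg.EnumKey(root, i)) as sub:
                        name = winreg.QueryValueEx(sub, "DisplayName")[0]
                        if name.startswith("Adobe Acrobat"):
                            found.append(winreg.QueryValueEx(sub, "DisplayVersion")[0])
                except OSError:
                    continue  # entry lacks DisplayName or DisplayVersion
    return found


# Constructed sample inventory (hostnames are not real), e.g. an asset-management export.
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "23.003.20284"),  # highest affected Continuous build
    ("ws-02", "windows", "23.006.20320"),  # newer than the affected range
    ("mac-01", "macos", "20.005.30516"),   # highest affected Classic 2020 build on Mac
    ("ws-03", "windows", "20.005.30516"),  # above the Windows Classic 2020 cut-off
    ("ws-04", "windows", "17.012.20098"),  # Classic 2017 track: not in the table
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:11s} {', '.join(hosts) or '-'}")
```

The same table can be fed from a macOS or MDM inventory export; only the Windows collector depends on the registry. Treat "review" results as findings rather than noise, since an unsupported track will never receive this fix.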

Indicators of Compromise

No specific Indicators of Compromise (IoCs) have been published at the time of writing. In their absence, the practical fallback is behavioural monitoring of the reader process itself: an Acrobat or Reader process (Acrobat.exe, AcroRd32.exe on Windows) spawning a command shell or script interpreter, or writing executable files, is not expected behaviour and should be investigated.

Threat Landscape

Adobe's document and creative software is installed across a large share of personal and business endpoints. Threat actors generally weigh the probability of success against asset value when choosing an attack surface, so a ubiquitous PDF reader that routinely opens untrusted files arriving by email is a prime target. Because Adobe products are integral to personal and business operations, threat actors will continue to exploit their vulnerabilities to gain a foothold on endpoints, exfiltrate sensitive data or disrupt business operations.

The disclosure of CVE-2023-26369 follows an emergency Adobe ColdFusion security update released in July to address a zero-day vulnerability (CVE-2023-38205) that was exploited in the wild. Based on this trend, and assuming that such flaws continue to emerge, it is assessed as highly likely that threat actors will continue to exploit Adobe vulnerabilities to achieve their objectives.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

Mitre Methodologies

Common Weakness Enumeration:

CWE-787 – Out-of-bounds Write

Further Information

Adobe Security Advisory APSB23-34: https://helpx.adobe.com/security/products/acrobat/apsb23-34.html