Adobe fixed actively exploited zero-day in Acrobat and Reader

Pierluigi Paganini September 12, 2023

Software giant Adobe is warning of a critical security vulnerability in the PDF Acrobat and Reader that is actively exploited in the wild.

Adobe Patch Tuesday security updates (APSB23-34) addressed a critical zero-day vulnerability actively exploited in the wild in attacks on Adobe Acrobat and Reader products.

The vulnerability, tracked as CVE-2023-26369, is an out-of-bounds write memory safety issue that can be exploited to execute arbitrary code on vulnerable installs.

“Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses a critical vulnerability. Successful exploitation could lead to arbitrary code execution .” reads the advisory

“Adobe is aware that CVE-2023-26369 has been exploited in the wild in limited attacks targeting Adobe Acrobat and Reader.”

The vulnerability affects both Windows and macOS installations. Below is the list of affected versions:

ProductTrackAffected VersionsPlatform
Acrobat DC Continuous 
23.003.20284 and earlier versionsWindows &  macOS
Acrobat Reader DCContinuous 23.003.20284 and earlier versions
Windows & macOS

Acrobat 2020Classic 2020           20.005.30516 (Mac) 20.005.30514 (Win)and earlier versions
Windows & macOS
Acrobat Reader 2020Classic 2020           20.005.30516 (Mac)20.005.30514 (Win)and earlier versionsWindows & macOS

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, zero-day)

you might also like

leave a comment