Adobe PDF Creator Zero-day Vulnerability Exploited in the Wild
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Adobe has published a security update for Adobe Acrobat PDF and Reader for Windows and macOS as part of its regular Patch Tuesday updates.
This patch fixes a ‘Critical’ vulnerability, which might allow an attacker to run malicious code on unprotected PCs.
“Adobe is aware that CVE-2023-26369 has been exploited in the wild in limited attacks targeting Adobe Acrobat and Reader”, Adobe said in its security advisory. Successful exploitation could lead to arbitrary code execution.
Vulnerability Details
The vulnerability, identified as CVE-2023-26369, has a severity rating of 7.8 on the CVSS scoring system and is an out-of-bounds write vulnerability.
Successfully exploiting the flaw might lead to arbitrary code execution when a specifically created PDF document is opened in the current user’s context.
This issue affects installations on both Windows and macOS. Adobe did not provide additional information on the problem or the relevant targeting.
...( 📜.document )...
Affected Versions
Adobe assigned CVE-2023-26369 the highest priority rating and highly advised administrators to apply the patch as soon as possible.
Notably, Adobe has also addressed two cross-site scripting vulnerabilities that might result in arbitrary code execution in Adobe Connect, tracked as (CVE-2023-29305 and CVE-2023-29306) and Adobe Experience Manager, tracked as (CVE-2023-38214 and CVE-2023-38215).
So far this year, there have been 64 recorded zero-day attacks targeting a variety of software products, according to data collected.
#Cyber_Security_News #Vulnerability #adobe #cyber_security #vulnerability
Оригинальная версия на сайте:
Adobe PDF Creator Zero-day Vulnerability Exploited in the Wild
Author: GuruAdobe has published a security update for Adobe Acrobat PDF and Reader for Windows and macOS as part of its regular Patch Tuesday updates.
This patch fixes a ‘Critical’ vulnerability, which might allow an attacker to run malicious code on unprotected PCs.
“Adobe is aware that CVE-2023-26369 has been exploited in the wild in limited attacks targeting Adobe Acrobat and Reader”, Adobe said in its security advisory. Successful exploitation could lead to arbitrary code execution.
Vulnerability Details
The vulnerability, identified as CVE-2023-26369, has a severity rating of 7.8 on the CVSS scoring system and is an out-of-bounds write vulnerability.
Successfully exploiting the flaw might lead to arbitrary code execution when a specifically created PDF document is opened in the current user’s context.
This issue affects installations on both Windows and macOS. Adobe did not provide additional information on the problem or the relevant targeting.
...( 📜.document )...
Affected Versions
Adobe assigned CVE-2023-26369 the highest priority rating and highly advised administrators to apply the patch as soon as possible.
Notably, Adobe has also addressed two cross-site scripting vulnerabilities that might result in arbitrary code execution in Adobe Connect, tracked as (CVE-2023-29305 and CVE-2023-29306) and Adobe Experience Manager, tracked as (CVE-2023-38214 and CVE-2023-38215).
So far this year, there have been 64 recorded zero-day attacks targeting a variety of software products, according to data collected.
#Cyber_Security_News #Vulnerability #adobe #cyber_security #vulnerability
Оригинальная версия на сайте:
