October 11, 2023 at 02:20PM
The Cybersecurity Infrastructure & Security Agency (CISA) has added an Adobe Acrobat Reader bug to its list of exploited vulnerabilities. The bug (CVE-2023-21608) exists in multiple versions of Adobe Acrobat and Reader and allows remote execution of malicious code. CISA advises users to update their software, which was patched in January 2023. Details of the vulnerability were shared by researchers in a February 2023 blog post.
Key takeaways from the meeting notes:
1. The Cybersecurity Infrastructure & Security Agency (CISA) has identified a use-after-free vulnerability in Adobe Acrobat Reader.
2. The affected versions include Adobe Acrobat and Reader Document Cloud Versions 22.003.20282 and 22.003.20281, as well as earlier versions.
3. Additionally, Adobe Acrobat and Reader 20.005.30418 and earlier versions are also impacted.
4. This vulnerability (CVE-2023-21608) allows attackers to remotely execute malicious code on compromised accounts by exploiting a rigged PDF file.
5. CISA recommends applying the latest updates for the affected software, as the vulnerability was patched in January of this year.
6. Researchers who discovered the vulnerability have provided detailed information about their findings in a blog post from February 2023.