Adobe has issued security updates for this zero-day vulnerability, which has been exploited in attacks. While comprehensive details about the attacks remain undisclosed, it has been stated that this zero-day vulnerability impacts both Windows and macOS operating systems. CSB recommends deploying Adobe’s security updates as soon as possible.
What is the threat?
Adobe recently issued security updates to address a zero-day vulnerability, identified as CVE-2023-26369, which has been exploited in limited attacks targeting Adobe Acrobat and Reader. This critical security flaw allows attackers to execute arbitrary code after successfully exploiting an out-of-bounds write weakness. Additionally, Adobe has patched security flaws in Adobe Connect and Adobe Experience Manager software, identified as CVE-2023-29305, CVE-2023-29306, CVE-2023-38214, and CVE-2023-38215, which can be leveraged for reflected cross-site scripting (XSS) attacks.
Why is it noteworthy?
There are several factors that are of concern.
- The zero-day vulnerability, CVE-2023-26369, is actively exploited by threat actors, emphasizing the immediate need for mitigation measures as attackers leverage this vulnerability before a patch becomes available.
- The out-of-bounds write vulnerability poses a severe risk because it enables unauthorized code execution, and this class of weakness is a recurring cause of numerous actively exploited vulnerabilities.
- The security flaws in Adobe Connect and Adobe Experience Manager expose users to reflected cross-site scripting (XSS) attacks, potentially jeopardizing their sensitive browser-stored data.
- Adobe’s previous history of zero-day incidents underscores the persistent challenges in securing software products, reinforcing the importance of proactive cybersecurity measures.
What is the exposure or risk?
The exposure and risk associated with these threats are as follows:
- CVE-2023-26369 Exposure: Organizations using Adobe Acrobat and Reader, particularly on Windows and macOS systems, are at risk. Attackers can exploit this vulnerability with relatively low complexity, although it requires local access and user interaction. Immediate patching is strongly advised to mitigate the risk.
- Adobe Connect and Experience Manager Exposure: Users of Adobe Connect and Adobe Experience Manager are susceptible to XSS attacks due to the recently patched vulnerabilities (CVE-2023-29305, CVE-2023-29306, CVE-2023-38214, CVE-2023-38215). These attacks could result in data theft or compromise of sensitive information.
- Overall Risk: The presence of actively exploited zero-day vulnerabilities and other security issues underscores the importance of keeping software and systems up-to-date with the latest security patches. Failure to do so can lead to potential data breaches, unauthorized access, and disruptions in system functionality.
What are the recommendations?
- Apply security updates to affected software versions by following the instructions below. The latest product versions are available to end users via one of the following methods:
  - Users can update their product installations manually by choosing Help > Check for Updates.
  - The products will update automatically, without requiring user intervention, when updates are detected.
  - The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.