Critical Security Flaw Detected in Adobe Acrobat Reader: Essential Information You Must Know

  • Mia Taylor
  • Oct 16, 2023
  • 136
Critical Security Flaw Detected in Adobe Acrobat Reader: Essential Information You Must Know

A serious security flaw has been identified in several versions of Adobe's Acrobat Reader and Acrobat DC, one of the world's most widely used PDF readers. The vulnerability, tracked as CVE-2023-21608, can be exploited by threat actors to run arbitrary code on a victim's machine. The flaw was reported to Adobe by security researchers Ashfaq Ansari and Krishnakant Patil of HackSys. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added it to its Known Exploited Vulnerabilities catalog and is urging users to apply the available patches immediately.

CVE-2023-21608 is a use-after-free bug: the program continues to use a block of memory after it has been released, so an attacker who can control what the freed block is reused for can corrupt data, crash the application, or redirect execution to code of their choosing. It carries a CVSS base score of 7.8 (high), and Adobe rates it as Critical in its advisory. Exploitation requires user interaction: the victim must open a malicious PDF in a vulnerable version of Acrobat or Reader, after which the attacker's code runs with the privileges of the user who opened the file.

The vulnerability affects Adobe's Acrobat and Acrobat Reader products on both Windows and macOS. On the DC (Continuous) track, Acrobat DC and Acrobat Reader DC builds 22.003.20282 (Windows) and 22.003.20281 (macOS) and earlier are affected; Adobe fixed the DC track in build 22.003.20310. The Acrobat 2020 (Classic) track is fixed in build 20.005.30436. Because the two tracks use different version numbers, an installed build has to be compared against the fixed build for its own track rather than against a single number.
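Checking a software inventory against these fixed builds is a small but error-prone task: Adobe version strings must be compared numerically, component by component, and the comparison must be made against the fixed build for the right release track. The following script is an added example written for this article, not code from Adobe or from the article's source; the fixed builds are the two given above, the inventory lines are constructed sample data (hostnames, products and versions are invented), and the mapping from product name to track ("... DC" for Continuous, "Acrobat 2020" for Classic) is an assumption of this example.

```python
"""Triage an Acrobat/Reader inventory for CVE-2023-21608 patch status.

Added example: the fixed builds come from the article (22.003.20310 for the
DC Continuous track, 20.005.30436 for the Acrobat 2020 Classic track). The
inventory below is constructed sample data, not real hosts.
"""
from typing import Dict, List, NamedTuple, Optional, Tuple

# First fixed build per release track (from the article).
FIXED_BUILDS: Dict[str, Tuple[int, int, int]] = {
    "dc": (22, 3, 20310),     # Acrobat DC / Acrobat Reader DC (Continuous)
    "2020": (20, 5, 30436),   # Acrobat 2020 (Classic)
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '22.003.20282' into (22, 3, 20282).

    Comparing the raw strings would be wrong as soon as a component has a
    different length (e.g. '22.003.9999' sorts after '22.003.20310' as text),
    so every component is converted to an integer first.
    """
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Adobe version string: {text!r}")
    major, minor, build = (int(p) for p in parts)
    return (major, minor, build)


def track_for(product: str) -> Optional[str]:
    """Map an inventory product name to a release track (assumption of this
    example: names ending in ' DC' are Continuous, 'Acrobat 2020' is Classic)."""
    name = product.strip().lower()
    if name.endswith(" dc"):
        return "dc"
    if "2020" in name:
        return "2020"
    return None


class Finding(NamedTuple):
    host: str
    product: str
    version: str
    status: str  # "vulnerable", "patched" or "unknown-track"


def assess(host: str, product: str, version: str) -> Finding:
    """Compare one installed build with the fixed build for its track.

    Builds on a track this table does not cover are reported as
    'unknown-track' rather than silently treated as safe.
    """
    track = track_for(product)
    if track is None:
        return Finding(host, product, version, "unknown-track")
    installed = parse_version(version)
    status = "patched" if installed >= FIXED_BUILDS[track] else "vulnerable"
    return Finding(host, product, version, status)


# Constructed sample inventory: "hostname,product,version" (invented hosts).
SAMPLE_INVENTORY = """\
ws-finance-01,Acrobat Reader DC,22.003.20282
ws-finance-02,Acrobat Reader DC,22.003.20310
mac-design-07,Acrobat DC,22.003.20281
ws-eng-05,Acrobat Reader DC,23.001.20093
ws-legal-03,Acrobat 2020,20.005.30418
ws-legal-04,Acrobat 2020,20.005.30436
ws-lab-09,Acrobat 2017,17.012.30262
"""


def triage(csv_text: str) -> Dict[str, List[str]]:
    """Group hostnames by patch status."""
    out: Dict[str, List[str]] = {"vulnerable": [], "patched": [], "unknown-track": []}
    for line in csv_text.splitlines():
        if not line.strip():
            continue
        host, product, version = (field.strip() for field in line.split(",", 2))
        finding = assess(host, product, version)
        out[finding.status].append(host)
    return out


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Note that a newer Continuous build such as 23.001.20093 compares greater than 22.003.20310 and is reported as patched, while a Classic build is only ever compared with the Classic fixed build; a product the table does not know about is surfaced for manual review instead of being dropped.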

CISA added the flaw to its Known Exploited Vulnerabilities catalog on the basis of evidence that it is being actively exploited in the wild. The agency did not disclose further details about those attacks, so it remains unclear which threat actors are behind them, who the targets are, or how many organizations have been affected.

This is the second Acrobat Reader and Acrobat DC flaw that CISA has added to its catalog this year. The first, CVE-2023-26369, was likewise exploitable for arbitrary code execution: a victim only had to open a specially crafted PDF document for the attacker's code to run.

Users are strongly advised to update to the fixed builds for their release track to protect their systems from these vulnerabilities. Federal Civilian Executive Branch agencies, in particular, are required to apply the available patches by the end of October this year. All Acrobat Reader and Acrobat DC users should keep automatic updates enabled and verify that their installed build is at or above the fixed version.
