Adobe has issued a warning about in-the-wild zero-day attacks targeting users of its widely used Adobe Acrobat and Reader products. The attacks exploit a remotely exploitable vulnerability tracked as CVE-2023-26369.
Adobe characterizes the flaw as an out-of-bounds write memory safety issue affecting both Windows and macOS installations, with the potential for arbitrary code execution. The company acknowledged that the vulnerability has already been exploited in limited attacks. Although Adobe did not specify the targeted operating system, it has urged users to remain vigilant.
In addition to addressing this critical issue, Adobe’s Patch Tuesday updates include fixes for at least five documented flaws spanning multiple products. Adobe Connect received a security update to address two vulnerabilities that could be exploited for arbitrary code execution.
At the same time, a separate patch was issued for Adobe Experience Manager (AEM) to rectify two documented flaws, with the warning that exploiting these vulnerabilities could lead to arbitrary code execution.
This incident highlights an ongoing trend: 64 in-the-wild zero-day attacks have been documented so far this year, affecting a wide range of software products. As these attacks continue to pose significant threats to users and organizations, staying informed about security updates and promptly applying patches remains crucial to mitigating the risks associated with zero-day vulnerabilities.