Adobe has released critical security updates to address a vulnerability in Acrobat and Reader that is being actively exploited in attacks. The vulnerability, tracked as CVE-2023-26369, has been designated as a zero-day vulnerability.
According to official security advisories from Adobe, the vulnerability is being actively exploited in limited attacks specifically targeting Adobe Acrobat and Reader. However, detailed information about the nature of these attacks has not yet been disclosed.
The vulnerability affects both Windows and macOS systems and allows attackers to execute arbitrary code by exploiting a flaw related to out-of-bounds memory access.
One notable aspect of this attack is its low complexity: it does not require any special privileges to carry out. However, it can only be exploited locally and requires interaction with the user.
Given the severity of the vulnerability, Adobe has classified it as a top priority and strongly recommends that administrators install the update as soon as possible, ideally within 72 hours.
In addition to addressing this vulnerability, Adobe has also patched other vulnerabilities in Adobe Connect and Adobe Experience Manager. These vulnerabilities could be exploited to execute arbitrary code and carry out “Reflected Cross-Site Scripting” (Reflected XSS) attacks.