Arbitrary Code Execution Vulnerability in Adobe Products (CVE-2023-26369)

An arbitrary code execution vulnerability (CVE-2023-26369) has been identified in Adobe products, including Acrobat DC, Acrobat Reader DC, Acrobat 2020 and Acrobat Reader 2020. The vulnerability allows a local authenticated attacker to achieve arbitrary code execution; exploitation requires user interaction. Users are urged to apply the latest patch immediately.

 

Vulnerability

  • Arbitrary Code Execution Vulnerability (CVE-2023-26369)

 

Severity Level

  • Critical

 

Affected products

  • Acrobat DC 23.003.20284 and earlier
  • Acrobat Reader DC 23.003.20284 and earlier
  • Acrobat 2020 20.005.30516 (Mac) and earlier
  • Acrobat 2020 20.005.30514 (Win) and earlier
  • Acrobat Reader 2020 20.005.30516 (Mac) and earlier
  • Acrobat Reader 2020 20.005.30514 (Win) and earlier
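
To check a software inventory against the list above, the following added example (not part of the original advisory) flags installs at or below the highest affected build for each product. The inventory rows, hostnames and the `win`/`mac` platform labels are constructed assumptions; versions are compared field by field as numbers, because a plain string comparison misorders values such as `23.3.20244`.

```python
# Highest affected build per product, from the advisory's list (None = any platform).
AFFECTED_MAX = {
    ("Acrobat DC", None): "23.003.20284",
    ("Acrobat Reader DC", None): "23.003.20284",
    ("Acrobat 2020", "mac"): "20.005.30516",
    ("Acrobat 2020", "win"): "20.005.30514",
    ("Acrobat Reader 2020", "mac"): "20.005.30516",
    ("Acrobat Reader 2020", "win"): "20.005.30514",
}

def parse_version(text):
    """'23.003.20284' -> (23, 3, 20284), so fields compare as numbers."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(product, platform, version):
    """True = affected, False = newer build, None = product not in the list."""
    product, platform = product.strip(), platform.strip().lower()
    limit = AFFECTED_MAX.get((product, platform)) or AFFECTED_MAX.get((product, None))
    if limit is None:
        return None
    return parse_version(version) <= parse_version(limit)

def triage(rows):
    """Split inventory rows into hosts to patch and hosts needing manual review."""
    patch, review = [], []
    for host, product, platform, version in rows:
        try:
            verdict = is_affected(product, platform, version)
        except ValueError:
            verdict = None  # unparseable version: do not assume it is safe
        if verdict is None:
            review.append(host)
        elif verdict:
            patch.append(host)
    return patch, review

# Constructed sample inventory: hostnames and non-advisory versions are made up.
SAMPLE = [
    ("ws-001", "Acrobat Reader DC", "win", "23.003.20284"),
    ("ws-002", "Acrobat DC", "mac", "23.3.20244"),
    ("mac-07", "Acrobat 2020", "mac", "20.005.30516"),
    ("ws-003", "Acrobat 2020", "win", "20.005.30516"),
    ("ws-004", "Acrobat Reader DC", "win", "unknown"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```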

 

Remediation

  • Update affected Adobe products to the latest version as soon as possible:
    • The latest product versions are available to end users via one of the following methods:
      • Users can update their product installations manually by choosing Help > Check for Updates.
      • The products will update automatically, without requiring user intervention, when updates are detected.
      • The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.

      For IT administrators (managed environments):

      • Refer to the specific release note version for links to installers.
      • Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and SSH.

Published on: 14 Sep 2023