Adobe warns of critical Acrobat and Reader zero-day exploited in attacks


Adobe has released security updates to patch a zero-day vulnerability in Acrobat and Reader tagged as exploited in attacks.

Even though additional information on the attacks is yet to be disclosed, the zero-day is known to affect both Windows and macOS systems.

“Adobe is aware that CVE-2023-26369 has been exploited in the wild in limited attacks targeting Adobe Acrobat and Reader,” the company said in a security advisory published today.

The critical security flaw is tracked as CVE-2023-26369 and can let attackers gain code execution after successfully exploiting an out-of-bounds write weakness.

While threat actors can exploit it in low-complexity attacks without requiring privileges, the flaw can only be exploited by local attackers, and it also requires user interaction, according to its CVSS v3.1 score

Read more…