Last Tuesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a significant security flaw in Adobe Acrobat Reader to its list of Known Exploited Vulnerabilities. The move was prompted by concrete evidence of ongoing exploitation.

This vulnerability, identified as CVE-2023-21608 with a CVSS score of 7.8, is characterized as a use-after-free flaw that can be maliciously exploited to execute remote code with the current user’s privileges.

The following versions of the software are impacted:
Acrobat DC – 22.003.20282 (Win), 22.003.20281 (Mac) and earlier versions (fixed in 22.003.20310)

Acrobat Reader DC – 22.003.20282 (Win), 22.003.20281 (Mac), and earlier versions (fixed in 22.003.20310)

Acrobat 2020 – 20.005.30418 and earlier versions (fixed in 20.005.30436)

Acrobat Reader 2020 – 20.005.30418 and earlier versions (fixed in 20.005.30436)
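
An added example, not from the original article or from Adobe: a Python check that compares installed version strings against the fixed builds listed above, so it covers both the Windows and Mac builds. The inventory rows, host names and the handling of a four-digit-year major version are assumptions made for illustration.

```python
import re

# Fixed builds per product, copied from the version list above.
FIXED = {
    "Acrobat DC": (22, 3, 20310),
    "Acrobat Reader DC": (22, 3, 20310),
    "Acrobat 2020": (20, 5, 30436),
    "Acrobat Reader 2020": (20, 5, 30436),
}
VERSION_RE = re.compile(r"^\s*(\d{2}|\d{4})\.(\d{1,3})\.(\d{1,5})\s*$")

def parse_version(text):
    """'22.003.20282' -> (22, 3, 20282); integer fields stop zero padding skewing the order."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, build = (int(g) for g in m.groups())
    # Assumption: some sources report the major as a four-digit year (2022.003.20282).
    return (major % 100 if major >= 2000 else major, minor, build)

def needs_patch(product, version):
    """True when the installed build predates the fixed build for that product."""
    return parse_version(version) < FIXED[product]

def audit(rows):
    """Split (host, product, version) rows into hosts to patch and hosts to check by hand."""
    to_patch, review = [], []
    for host, product, version in rows:
        try:
            if needs_patch(product, version):
                to_patch.append(host)
        except (KeyError, ValueError):  # unlisted product or unparsable version
            review.append(host)
    return to_patch, review

# Constructed sample inventory; host names and the 23.x build are made up.
SAMPLE = [
    ("ws-01", "Acrobat Reader DC", "22.003.20282"),
    ("ws-02", "Acrobat Reader DC", "2022.003.20310"),
    ("ws-03", "Acrobat 2020", "20.005.30418"),
    ("ws-04", "Acrobat Reader 2020", "20.005.30436"),
    ("ws-05", "Acrobat DC", "23.001.20000"),
    ("ws-06", "Acrobat Reader DC", "not installed"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Hosts in the second list need a manual look rather than being assumed safe.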

Presently, information regarding the specific methods of exploitation and the identity of potential threat actors leveraging CVE-2023-21608 remains undisclosed.

How to identify your version of Adobe Acrobat?
“Acrobat 2020” is the final perpetual desktop version of Acrobat; in other words, it is not the latest release. “Acrobat DC 2023” is the current subscription version of Acrobat.

To check which version of Adobe Reader you have installed, go to the “Menu”, click on “Help”, and then “About Adobe Acrobat Reader”.

To check for updates, go back to the “Menu” entry, then click on “Help”, then “Check for Updates”.

Thanks to: https://www.securityweek.com/cisa-warns-of-attacks-exploiting-adobe-acrobat-vulnerability/
