How to Address the Recent Zero-Day Attacks Affecting Adobe Products

September 26, 2023 |

Adobe recently released a warning to its users about newly detected zero-day attacks. According to the software organization, hackers are exploiting a vulnerability identified as CVE-2023-26369 within the popular Adobe Acrobat and Reader product through an out-of-bounds write weakness. As your expert cybersecurity advisor, BARR recommends reviewing Adobe’s security updates that address the vulnerability and updating your software as soon as possible. 

While Adobe did not specify which operating system in-the-wild attackers are targeting, the company advised that “successful exploitation could lead to arbitrary code execution,” further stating, “Adobe is aware that the vulnerability has been exploited in the wild in limited attacks targeting Adobe Acrobat and Reader.” 

Adobe considers these attacks a critical vulnerability on their severity ranking, which means if exploited, the issue would allow for malicious native code to be executed, potentially without a user being aware.

To be proactive, Adobe released security updates for Adobe Acrobat and Reader for Windows and macOS. Let’s look at the details from Adobe’s security bulletin to help you and your organization quickly address the vulnerability. 

Affected Adobe Versions

Adobe’s security updates impact specific versions in both Windows and macOS installations, including:

  • Acrobat DC 23.003.20284 and earlier versions
  • Acrobat Reader DC 23.003.20284 and earlier versions
  • Acrobat 2020 versions 20.005.30516 (Mac), 20.005.30514 (Windows), and earlier versions
  • Acrobat Reader 2020 versions 20.005.30516 (Mac), 20.005.30514 (Windows), and earlier versions

Adobe categorized these updates as a Priority 1 within their security ratings—a ranking system based on historical attack patterns, the type of vulnerability, the platforms affected, and any potential mitigations in place.

Priority 1 rankings mean the updates resolve targeted vulnerabilities, or those with a higher risk of being targeted by exploits in the wild, for a given product version and platform.

Updating Your Adobe Software

Because threat actors are actively exploiting the zero-day vulnerability, Adobe emphasizes the need for immediate mitigation, recommending users and IT admins update their software installations to the latest versions as soon as possible. 

Take a look at the following instructions on how to successfully update your Adobe software: 

 For individual users:

  • Update product installations manually by choosing Help > Check for Updates.
  • The products will update automatically without requiring user intervention when updates are detected.     
  • The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.

For IT admins in managed environments:

  • Refer to the specific release note version for links to installers.     
  • Install updates via your preferred methodologies, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop, and SSH.    

Contact us to speak with an expert who can help your organization protect itself from critical vulnerabilities.

Let's Talk