Adobe Acrobat Users Data Breach🤯?

Hey, Mck’s Today we are going to talk about a shocking vulnerability that has been found in the Adobe Acrobat PDF Reader which almost many of us use in our daily life activities to read and edit PDFs. Let’s get into the Details.

The US Cybersecurity and Infrastructure Agency on Tuesday added a high-security flaw in Adobe Acrobat Reader's Known Vulnerabilities Catalog With Proof of evidence. It is Tracked as CVE-2023–21608 (CVSS score: 7.8), the vulnerability has been described as a use-after-free bug that can be exploited to achieve remote code execution (RCE) with the privileges of the current user.

A patch for the flaw was released by Adobe in January 2023. HackSys security researchers Ashfaq Ansari and Krishnakant Patil were credited with discovering and reporting the flaw.

The following versions of the software are impacted -

• Acrobat DC — 22.003.20282 (Win), 22.003.20281 (Mac) and earlier versions (fixed in 22.003.20310)
• Acrobat Reader DC — 22.003.20282 (Win), 22.003.20281 (Mac) and earlier versions (fixed in 22.003.20310)
• Acrobat 2020–20.005.30418 and earlier versions (fixed in 20.005.30436)
• Acrobat Reader 2020–20.005.30418 and earlier versions (fixed in 20.005.30436)

Details surrounding the nature of the exploitation and the threat actors that may be abusing CVE-2023–21608 are currently unknown. A proof-of-concept (PoC) exploit for the flaw was made available in late January 2023. CVE-2023–21608 is also the second Adobe Acrobat and Reader vulnerability that has seen in-the-wild exploitation after CVE-2023–26369, an out-of-bounds write issue that could result in code execution by opening a specially crafted PDF document. Federal Civilian Executive Branch (FCEB) agencies are required to apply the vendor-provided patches by October 31, 2023, to secure their networks against potential threats.