Carding
Five minutes to update vulnerable products will allow you to save valuable data.
Adobe has released critical security updates that address the 0-day vulnerability in Acrobat and Reader. The vulnerability is designated as actively exploited in attacks and is known under the identifier CVE-2023-26369.
According to the company's official security bulletin, this vulnerability is "actively exploited in limited attacks targeting Adobe Acrobat and Reader." Additional information about the nature of these attacks has not yet been disclosed.
The vulnerability affects systems running on both Windows and macOS platforms. It allows attackers to execute arbitrary code after successfully exploiting an Out-of-bounds Write flaw.
It is noteworthy that such an attack has a low degree of complexity and does not require privileges to perform it. However, the vulnerability can only be exploited by local attackers and requires user interaction.
The company has classified this vulnerability as the highest priority and strongly recommends that administrators install the update as soon as possible, ideally within 72 hours.
In addition, Adobe has fixed other vulnerabilities in Adobe Connect and Adobe Experience Manager that also allow attackers to execute arbitrary code. These vulnerabilities can be exploited for "Reflected Cross-Site Scripting" (Reflected XSS) attacks, which can be used to access cookies, session tokens, or other sensitive information stored in the targets' web browsers.
Recall that in July, Adobe already released an emergency security update for ColdFusion, also trying to solve the problem with the zero-day vulnerability. Shortly after, the U.S. Cybersecurity and Infrastructure Security Service (CISA) called on federal agencies to strengthen the protection of Adobe ColdFusion servers.
Adobe products constantly become the target of targeted attacks by intruders, so experts advise you to monitor updates and quickly install them to ensure security.