Update Your Adobe Acrobat Reader Now to Patch Critical Code Execution Flaw

CVECVE-2023-26395
CVSScvssV3_1: 7.8
SourceCVE-2023-26395

Adobe Acrobat Reader, the popular PDF document viewer, has a high severity vulnerability that could allow hackers to take control of your computer.

The vulnerability, tracked as CVE-2023-26395 with a CVSS score of 7.8, is an out-of-bounds write issue in Adobe Acrobat Reader versions 23.001.20093 and earlier as well as version 20.005.30441 and earlier. This means malicious actors could craft a specially crafted PDF file that, when opened by an affected version of Acrobat Reader, could exploit the flaw to execute arbitrary code on the targeted system with the privileges of the current user.

By enticing a user into opening a boobytrapped PDF file, a hacker could install malware, view and steal sensitive files, or carry out other malicious actions on the infected computer. While the attack requires some user interaction initially, once successfully exploited, a remote attacker would have full control of the victim’s device.

Adobe has released updates to fix this critical vulnerability, so it’s important that all Acrobat Reader users update their software immediately. You can check if your version is vulnerable and install any available updates by opening the Adobe Acrobat Reader application and going to “Help > Check for Updates”. Make sure to keep your software up-to-date to protect yourself against threats like this. Always be wary of opening files from untrusted or unknown sources.

References