Update Your Adobe Acrobat Reader Now to Patch Critical Code Execution Flaw

CVE: CVE-2023-21608
CVSS v3.1: 7.8
Source: CVE-2023-21608

Adobe Acrobat Reader, the popular PDF document viewer, is affected by a serious vulnerability that could allow hackers to take control of users’ computers.

The flaw, tracked as CVE-2023-21608, is a use-after-free bug in how Acrobat Reader handles objects in memory. Hackers could exploit it by tricking a victim into opening a specially crafted PDF file. Once opened, the malicious file would attempt to improperly free memory and then reallocate it. The resulting corrupted memory state could be leveraged to execute arbitrary code with the user’s privileges.

In other words, just by viewing a booby-trapped PDF, hackers could potentially install programs, view, change or delete data, or create new accounts with full user rights on Windows, macOS, and Linux machines. All versions of Acrobat Reader before 22.003.20282 are vulnerable.

The good news is that Adobe has released updates to fix the issue. Users are strongly recommended to update their installations of Acrobat Reader immediately to version 22.003.20282 or later to protect themselves against any attacks attempting to abuse this flaw. Keeping your software up to date is one of the best ways to stay secure online.
