The US cybersecurity agency CISA on Tuesday announced that it has added five more security defects to its
Known Exploited Vulnerabilities catalog, warning organizations of attacks exploiting an Adobe Acrobat and Reader flaw that came to light earlier this year.
The Adobe Acrobat and Reader issue is CVE-2023-21608, a use-after-free vulnerability which can be exploited to achieve remote code execution (RCE) with the privileges of the current user.
Adobe released patches for this flaw in January 2023, but numerous proof-of-concept (PoC) exploits and technical write-ups have been published since, creating opportunities for threat actors to start targeting the issue in attacks.
Although there appear to be no public reports describing in-the-wild exploitation of CVE-2023-21608, CISA says it only adds CVEs to the KEV list based on solid proof that exploitation has occurred.
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}