CISA Warns of Attacks Exploiting Adobe Acrobat Vulnerability

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,298
The US cybersecurity agency CISA on Tuesday announced that it has added five more security defects to its Known Exploited Vulnerabilities catalog, warning organizations of attacks exploiting an Adobe Acrobat and Reader flaw that came to light earlier this year.

The Adobe Acrobat and Reader issue is CVE-2023-21608, a use-after-free vulnerability which can be exploited to achieve remote code execution (RCE) with the privileges of the current user.

Adobe released patches for this flaw in January 2023, but numerous proof-of-concept (PoC) exploits and technical write-ups have been published since, creating opportunities for threat actors to start targeting the issue in attacks.

Although there appear to be no public reports describing in-the-wild exploitation of CVE-2023-21608, CISA says it only adds CVEs to the KEV list based on solid proof that exploitation has occurred.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top