silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,810
The US cybersecurity agency CISA on Tuesday announced that it has added five more security defects to its Known Exploited Vulnerabilities catalog, warning organizations of attacks exploiting an Adobe Acrobat and Reader flaw that came to light earlier this year.
The Adobe Acrobat and Reader issue is CVE-2023-21608, a use-after-free vulnerability which can be exploited to achieve remote code execution (RCE) with the privileges of the current user.
Adobe released patches for this flaw in January 2023, but numerous proof-of-concept (PoC) exploits and technical write-ups have been published since, creating opportunities for threat actors to start targeting the issue in attacks.
Although there appear to be no public reports describing in-the-wild exploitation of CVE-2023-21608, CISA says it only adds CVEs to the KEV list based on solid proof that exploitation has occurred.