Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability - 20230915001
Overview
Adobe has released a security update for an out-of-bounds write vulnerability in Adobe Acrobat and Reader products that allows code execution.
What is the vulnerability?
CVE-2023-26369 - CVSS v3 Base Score: 7.8
This vulnerability, when successfully exploited, could lead to arbitrary code execution.
What is vulnerable?
The vulnerability affects the following products:
Product | Track | Affected Versions | Platform |
---|---|---|---|
Acrobat DC | Continuous | 23.003.20284 and earlier versions | Windows & macOS |
Acrobat Reader DC | Continuous | 23.003.20284 and earlier versions | Windows & macOS |
Acrobat 2020 | Classic 2020 | 20.005.30516 (Mac) 20.005.30514 (Win) and earlier versions | Windows & macOS |
Acrobat Reader 2020 | Classic 2020 | 20.005.30516 (Mac) 20.005.30514 (Win) and earlier versions | Windows & macOS |
Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of one month... (refer to Patch Management):
Adobe recommends users update their software installations to the latest versions by following the instructions below.
The latest product versions are available to end users via one of the following methods:
- Users can update their product installations manually by choosing Help > Check for Updates.
- The products will update automatically, without requiring user intervention, when updates are detected.
- The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.
For IT administrators (managed environments):
- Refer to the specific release note version for links to installers.
- Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and SSH.
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
Product | Track | Updated Versions | Platform | Priority Rating | Availability |
---|---|---|---|---|---|
Acrobat DC | Continuous | 23.006.20320 | Windows and macOS | 1 | Release Notes |
Acrobat Reader DC | Continuous | 23.006.20320 | Windows and macOS | 1 | Release Notes |
Acrobat 2020 | Classic 2020 | 20.005.30524 | Windows and macOS | 1 | Release Notes |
Acrobat Reader 2020 | Classic 2020 | 20.005.30524 | Windows and macOS | 1 | Release Notes |
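
To triage a software inventory against the two tables above, the following added example (not part of the original advisory or Adobe's tooling) compares installed versions numerically per track and platform. The CSV column names, the host names and the `below-updated` label are assumptions made for this illustration.

```python
import csv
import io
import re

AFFECTED_MAX = {  # "Affected Versions" column of the advisory
    ("Continuous", "windows"): "23.003.20284",
    ("Continuous", "macos"): "23.003.20284",
    ("Classic 2020", "windows"): "20.005.30514",
    ("Classic 2020", "macos"): "20.005.30516",
}
UPDATED = {"Continuous": "23.006.20320", "Classic 2020": "20.005.30524"}
TRACK = {
    "Acrobat DC": "Continuous", "Acrobat Reader DC": "Continuous",
    "Acrobat 2020": "Classic 2020", "Acrobat Reader 2020": "Classic 2020",
}

def parse_version(text):
    """Turn 'NN.NNN.NNNNN' into an int tuple ('003' compares as 3), else None."""
    m = re.fullmatch(r"\s*([0-9]+)\.([0-9]+)\.([0-9]+)\s*", text)
    return tuple(int(g) for g in m.groups()) if m else None

def classify(product, platform, version):
    """Return 'affected', 'below-updated', 'updated' or 'unknown'."""
    track = TRACK.get(product.strip())
    key = (track, platform.strip().lower())
    installed = parse_version(version)
    if key not in AFFECTED_MAX or installed is None:
        return "unknown"  # product, platform or version not recognisable
    if installed <= parse_version(AFFECTED_MAX[key]):
        return "affected"
    if installed < parse_version(UPDATED[track]):
        return "below-updated"  # not listed as affected, but not the updated build
    return "updated"

def triage(inventory_csv):
    """Classify every row of a host,product,platform,version CSV export."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["product"], r["platform"], r["version"]) for r in rows}

# Constructed sample inventory (hypothetical hosts, not from the advisory).
SAMPLE = """host,product,platform,version
ws-01,Acrobat Reader DC,Windows,23.003.20284
ws-02,Acrobat DC,macOS,23.006.20320
ws-03,Acrobat 2020,Windows,20.005.30515
ws-04,Acrobat 2020,macOS,20.005.30515
ws-05,Acrobat Reader DC,Windows,not-installed
"""
if __name__ == "__main__":
    print(triage(SAMPLE))
```

The same Classic 2020 build number classifies differently on Windows and macOS because the advisory lists a different last affected version for each platform.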