Recently, a critical security vulnerability in Adobe Acrobat Reader was disclosed by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). This security flaw is known as CVE-2023-21608 and has been rated with a CVSS score of 7.8. It is a security vulnerability known as a “Use-after-free bug,” which allows potential attackers to achieve Remote Code Execution (RCE) with the privileges of the current user.
Various versions of Adobe Acrobat and Acrobat Reader were affected by this security vulnerability, including Acrobat DC, Acrobat Reader DC, Acrobat 2020, and Acrobat Reader 2020. Adobe had already released a patch for this security flaw in January 2023.
There have been reports of active exploitation of this security vulnerability, but currently, there is limited information available about the attackers and their methods. However, a Proof-of-Concept (PoC) for this security flaw was published in January 2023.
It is advisable for organizations and authorities to act promptly and install the published patches to protect their systems from potential threats.