Adobe’s Patch Tuesday update for September 2023 comes with a patch for a critical actively exploited security flaw in Acrobat and Reader that could permit an attacker to execute malicious code on susceptible systems. The vulnerability, tracked as CVE-2023-26369, is rated 7.8 for severity on the CVSS scoring system and impacts both Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, and Acrobat Reader 2020.
Described as an out-of-bounds write, successful exploitation of the bug could lead to code execution by opening a specially crafted PDF document.
What You Should Do
If you use Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020 you should update your systems immediately. Here’s how:
- Open Adobe Acrobat/Reader
- Click on Menu on the top left
- From the drop down menu, click Help (near bottom)
- Click on Check for Updates and follow prompts
If you have questions or need assistance, contact a member of the BMT team.