- 189/2023
- High
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS.
The addressed vulnerabilities could allow the attacker to execute arbitrary code, obtain sensitive information, bypass security restrictions, perform denial of service attacks, and gain access to the affected products by persuading the victim to open a specially crafted document.
Sample of the addressed vulnerabilities:
1. Adobe Acrobat and Adobe Reader Security Bypass (CVE-2023-29320):
- CVSS: 8.6
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Bypass Security
2. Adobe Acrobat and Adobe Reader Code Execution (CVE-2023-38223):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.