- 86/2023
- High
Adobe has released important security updates for Adobe Acrobat and Reader for Windows and macOS.
The severity of the addressed vulnerabilities could allow the attacker to execute arbitrary code, bypass security restrictions, cause a memory leak, or gain access to the affected products.
Sample of the addressed vulnerabilities:
1. Adobe Acrobat and Reader Code Execution (CVE-2023-26405):
- CVSS: 8.6
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Adobe Acrobat and Reader Security Feature Bypass (CVE-2023-26406):
- CVSS: 8.6
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Bypass Security
Vulnerabilities
- CVE-2023-26395
- CVE-2023-26396
- CVE-2023-26397
- CVE-2023-26405
- CVE-2023-26406
- CVE-2023-26407
- CVE-2023-26408
- CVE-2023-26417
- CVE-2023-26418
- CVE-2023-26419
- CVE-2023-26420
- CVE-2023-26421
- CVE-2023-26422
- CVE-2023-26423
- CVE-2023-26424
- CVE-2023-26425
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.
Adobe Security Bulletin