{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2023-065.pdf"
    },
    "title": "Adobe Acrobat and Reader Zero-Day Vulnerability",
    "serial_number": "2023-065",
    "publish_date": "13-09-2023 16:44:05",
    "description": "On September 12, 2023, Adobe released a security update that addresses a critical, zero-day vulnerability, which has been exploited in the wild. The vulnerability affects both Windows and MacOS systems and is being tracked as CVE-2023-26369.<br>\n",
    "url_title": "2023-065",
    "content_markdown": "---\ntitle: 'Adobe Acrobat and Reader Zero-Day\u00a0Vulnerability' \nversion: '1.0'\nnumber: '2023-065'\noriginal_date: 'September 12, 2023'\ndate: 'September 13, 2023'\n---\n\n_History:_\n\n* _13/09/2023 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn September 12, 2023, Adobe released a security update that addresses a critical, zero-day vulnerability, which has been exploited in the wild. The vulnerability affects both Windows and MacOS systems and is being tracked as CVE-2023-26369 [1].\n\n# Technical Details\n\nSuccessful exploitation of this flaw could allow a local attacker to execute arbitrary code. The exploit succeeds without the need of privileges in this low-complexity attack; however, user interaction is required, according to its CVSSv3.1 score.\n\n# Affected Products\n\n|Product\t|Track\t|Affected Versions|\n|-----------|-------|-----------------|\n|Acrobat DC |\tContinuous |\t23.003.20284 and earlier|\n|Acrobat Reader DC|\tContinuous \t|23.003.20284 and earlier|\n|Acrobat 2020\t|Classic 2020 |\t20.005.30516 (Mac) and earlier/ 20.005.30514 (Win) and earlier|\n|Acrobat Reader 2020\t|Classic 2020 |\t20.005.30516 (Mac) and earlier/ 20.005.30514 (Win) and earlier|\n\n \n# Recommendations\n\nAdobe recommends users update their software installations to the latest versions as soon as possible, following the instructions they provided in the _Solution_ section of the Security Bulletin [1].\n\n# References\n\n[1] <https://helpx.adobe.com/security/products/acrobat/apsb23-34.html>\n\n[2] <https://get.adobe.com/uk/reader/>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>13/09/2023 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On September 12, 2023, Adobe released a security update that addresses a critical, zero-day vulnerability, which has been exploited in the wild. The vulnerability affects both Windows and MacOS systems and is being tracked as CVE-2023-26369 [1].</p><h2 id=\"technical-details\">Technical Details</h2><p>Successful exploitation of this flaw could allow a local attacker to execute arbitrary code. The exploit succeeds without the need of privileges in this low-complexity attack; however, user interaction is required, according to its CVSSv3.1 score.</p><h2 id=\"affected-products\">Affected Products</h2><table><thead><tr><th>Product</th><th>Track</th><th>Affected Versions</th></tr></thead><tbody><tr><td>Acrobat DC</td><td>Continuous</td><td>23.003.20284 and earlier</td></tr><tr><td>Acrobat Reader DC</td><td>Continuous</td><td>23.003.20284 and earlier</td></tr><tr><td>Acrobat 2020</td><td>Classic 2020</td><td>20.005.30516 (Mac) and earlier/ 20.005.30514 (Win) and earlier</td></tr><tr><td>Acrobat Reader 2020</td><td>Classic 2020</td><td>20.005.30516 (Mac) and earlier/ 20.005.30514 (Win) and earlier</td></tr></tbody></table><h2 id=\"recommendations\">Recommendations</h2><p>Adobe recommends users update their software installations to the latest versions as soon as possible, following the instructions they provided in the <em>Solution</em> section of the Security Bulletin [1].</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://helpx.adobe.com/security/products/acrobat/apsb23-34.html\">https://helpx.adobe.com/security/products/acrobat/apsb23-34.html</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://get.adobe.com/uk/reader/\">https://get.adobe.com/uk/reader/</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}