--- licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0) licence_link: https://creativecommons.org/licenses/by/4.0/ licence_restrictions: https://cert.europa.eu/legal-notice licence_author: CERT-EU, The Cybersecurity Service for the European Union institutions, bodies, offices and agencies title: 'Adobe Acrobat and Reader Zero-Day Vulnerability' version: '1.0' number: '2023-065' original_date: 'September 12, 2023' date: 'September 13, 2023' --- _History:_ * _13/09/2023 --- v1.0 -- Initial publication_ # Summary On September 12, 2023, Adobe released a security update that addresses a critical, zero-day vulnerability, which has been exploited in the wild. The vulnerability affects both Windows and MacOS systems and is being tracked as CVE-2023-26369 [1]. # Technical Details Successful exploitation of this flaw could allow a local attacker to execute arbitrary code. The exploit succeeds without the need of privileges in this low-complexity attack; however, user interaction is required, according to its CVSSv3.1 score. # Affected Products |Product |Track |Affected Versions| |-----------|-------|-----------------| |Acrobat DC | Continuous | 23.003.20284 and earlier| |Acrobat Reader DC| Continuous |23.003.20284 and earlier| |Acrobat 2020 |Classic 2020 | 20.005.30516 (Mac) and earlier/ 20.005.30514 (Win) and earlier| |Acrobat Reader 2020 |Classic 2020 | 20.005.30516 (Mac) and earlier/ 20.005.30514 (Win) and earlier| # Recommendations Adobe recommends users update their software installations to the latest versions as soon as possible, following the instructions they provided in the _Solution_ section of the Security Bulletin [1]. # References [1] [2]