A recently patched critical Remote Code Execution (RCE) vulnerability in the Adobe Acrobat Reader DC software has been identified with the publication of proof-of-concept (PoC) exploitation code.
The security vulnerability, coded as CVE-2023-21608, arises from a Use-After-Free error that could cause arbitrary code execution in a current user session. The threat actor could exploit this security vulnerability by convincing users to open a specially crafted document, allowing them to use the user’s privileges to execute arbitrary code on the system or cause the application to crash.
Adobe Released the Security Bulletin for Adobe Acrobat Reader
Adobe recently patched the vulnerability through a security bulletin, but shortly after the release of the update, Hacksysteam security research announced the publication of PoC code targeting the exploitation of CVE-2023-21608 vulnerability. To avoid being targeted by attacks that could be carried out using the vulnerability and exploitation code, it is recommended that users who are using vulnerable Adobe Acrobat Reader DC versions upgrade to the current version where the vulnerability has been fixed.