Cybersecurity Threat Advisory

This Cybersecurity Threat Advisory shares information on a new Adobe zero-day vulnerability detected in Acrobat and Reader. Adobe has issued security updates for this zero-day vulnerability, which has been exploited in attacks. While comprehensive details about the attacks remain undisclosed, the vulnerability is stated to impact both Windows and macOS operating systems. Barracuda MSP recommends deploying Adobe’s security updates as soon as possible.

What is the threat?

Adobe recently issued security updates to address a zero-day vulnerability, identified as CVE-2023-26369, which has been exploited in limited attacks targeting Adobe Acrobat and Reader. This critical security flaw allows attackers to execute arbitrary code after successfully exploiting an out-of-bounds write weakness. Additionally, Adobe has patched security flaws in Adobe Connect and Adobe Experience Manager software, identified as CVE-2023-29305, CVE-2023-29306, CVE-2023-38214, and CVE-2023-38215, which can be leveraged for reflected cross-site scripting (XSS) attacks.

Why is it noteworthy?

Several factors are of concern. First, the zero-day vulnerability, CVE-2023-26369, is actively exploited by threat actors, which makes mitigation urgent: attackers were leveraging this vulnerability before a patch became available. Second, the out-of-bounds write vulnerability poses a severe risk because it enables unauthorized code execution, and this class of weakness is a recurring cause of actively exploited vulnerabilities. Third, the security flaws in Adobe Connect and Adobe Experience Manager expose users to reflected cross-site scripting (XSS) attacks, potentially jeopardizing their sensitive browser-stored data. Finally, Adobe’s previous history of zero-day incidents underscores the persistent challenges in securing software products, reinforcing the importance of proactive cybersecurity measures.

What is the exposure or risk?

The exposure and risk associated with these threats are as follows:

  1. CVE-2023-26369 Exposure: Organizations using Adobe Acrobat and Reader, particularly on Windows and macOS systems, are at risk. Attackers can exploit this vulnerability with relatively low complexity, although it requires local access and user interaction. Immediate patching is strongly advised to mitigate the risk.
  2. Adobe Connect and Experience Manager Exposure: Users of Adobe Connect and Adobe Experience Manager are susceptible to XSS attacks due to the recently patched vulnerabilities (CVE-2023-29305, CVE-2023-29306, CVE-2023-38214, CVE-2023-38215). These attacks could result in data theft or compromise of sensitive information.
  3. Overall Risk: The presence of actively exploited zero-day vulnerabilities and other security issues underscores the importance of keeping software and systems up-to-date with the latest security patches. Failure to do so can lead to potential data breaches, unauthorized access, and disruptions in system functionality.

The complete list of affected products and versions is in the table below.

| Product | Track | Affected Versions |
|---|---|---|
| Acrobat DC | Continuous | 23.003.20284 and earlier |
| Acrobat Reader DC | Continuous | 23.003.20284 and earlier |
| Acrobat 2020 | Classic 2020 | 20.005.30516 (Mac) and earlier; 20.005.30514 (Win) and earlier |
| Acrobat Reader 2020 | Classic 2020 | 20.005.30516 (Mac) and earlier; 20.005.30514 (Win) and earlier |

What are the recommendations?

Barracuda MSP recommends the following actions:

  • Apply security updates to affected software versions by following the instructions below. The latest product versions are available to end users via one of the following methods:
    • Users can update their product installations manually by choosing Help > Check for Updates.
    • The products will update automatically, without requiring user intervention, when updates are detected.
    • The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.
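
To prioritize which endpoints need the update first, installed versions can be compared against the ceilings in the affected-versions table above. The following is an added example, not code from Adobe or Barracuda MSP; the inventory format, host names, and status labels are assumptions, and the sample records are constructed.

```python
# Added example: classify installs against the advisory's affected-version ceilings.
# Highest affected version per (product, platform), copied from the advisory table.
CEILINGS = {
    ("Acrobat DC", "win"): "23.003.20284",
    ("Acrobat DC", "mac"): "23.003.20284",
    ("Acrobat Reader DC", "win"): "23.003.20284",
    ("Acrobat Reader DC", "mac"): "23.003.20284",
    ("Acrobat 2020", "win"): "20.005.30514",
    ("Acrobat 2020", "mac"): "20.005.30516",
    ("Acrobat Reader 2020", "win"): "20.005.30514",
    ("Acrobat Reader 2020", "mac"): "20.005.30516",
}

def parse_version(text):
    """Turn 'NN.NNN.NNNNN' into a tuple of ints so the comparison is numeric."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(int(p) for p in parts)

def assess(product, platform, version):
    """Return 'affected', 'not-listed', or 'unknown' for one install."""
    ceiling = CEILINGS.get((product, platform.lower()))
    if ceiling is None:
        return "unknown"      # product/platform pair is not in the table
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"      # never treat unparseable data as safe
    # "and earlier" in the table means every version up to the ceiling.
    return "affected" if installed <= parse_version(ceiling) else "not-listed"

def audit(inventory):
    """Return (host, status) for every install that needs follow-up."""
    results = [(host, assess(prod, plat, ver)) for host, prod, plat, ver in inventory]
    return [(host, status) for host, status in results if status != "not-listed"]

# Constructed sample inventory: (host, product, platform, reported version).
SAMPLE_INVENTORY = [
    ("ws-01", "Acrobat Reader DC", "win", "23.003.20284"),   # at the ceiling
    ("ws-02", "Acrobat Reader DC", "win", "23.009.10000"),   # above the ceiling
    ("mac-03", "Acrobat 2020", "mac", "20.005.30516"),       # Mac ceiling
    ("ws-04", "Acrobat 2020", "win", "20.005.30516"),        # above Win ceiling
    ("ws-05", "Acrobat DC", "win", "22.003.20310"),          # older release
    ("ws-06", "Acrobat Reader DC", "win", "n/a"),            # bad inventory data
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be checked manually rather than assumed patched.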

If you have any questions regarding this Cybersecurity Threat Advisory, please contact our Security Operations Center.


Posted by Kartik Yadav

Kartik is a Cybersecurity Analyst at Barracuda MSP. He's a security expert, working on our Blue Team within our Security Operations Center. Kartik supports our XDR service delivery and is highly skilled at analyzing security events to detect cyber threats, helping keep our partners and their customers protected.
