CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five new flaws to its Known Exploited Vulnerabilities Catalog, including a high-severity flaw (CVE-2023-21608) (CVSS score: 7.8) in Adobe Acrobat Reader.

The flaw is a use-after-free issue, an attacker can trigger the flaw to achieve remote code execution (RCE) with the privileges of the current user.

“Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.” reads the advisory. “Exploitation of this issue requires user interaction in that a victim must open a malicious file.”