Adobe Acrobat is a family of application software and Web services developed by Adobe Inc. to view, create, manipulate, print and manage Portable Document Format (PDF) files. The family comprises Acrobat Reader (formerly Reader), Acrobat (formerly Exchange) and Acrobat.com.
The basic Acrobat Reader, available for several desktop and mobile platforms, is freeware; it supports viewing, printing, scaling or resizing and annotating of PDF files. Additional, “Premium”, services are available on paid subscription. The commercial proprietary Acrobat, available for Microsoft Windows and macOS only, can also create, edit, convert, digitally sign, encrypt, export and publish PDF files. Acrobat.com complements the family with a variety of enterprise content management and file hosting services.
Adobe Acrobat Reader versions are affected by a Use After Free vulnerability. Memory is allocated to another pointer validly at some point after it has been freed. The original pointer to the freed memory is used again and points to somewhere within the new allocation. As the data is changed, it corrupts the validly used memory; this induces undefined behaviour in the process.
As a result of the Use After Free, function pointers may be scattered within the heap data. If one of these function pointers is overwritten with an address to valid shellcode, execution of arbitrary code can be achieved in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
NOTE: This vulnerability has been reported by the CISA (America’s Cyber Defense Agency) to be known to be currently actively exploited in the wild as of 2023-10-11. Exploits have been available in the wild on sites such as GitHub since at least 2023-02-02. Prioritisation should be given to remediation in any impacted environment.
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. Customers are advised to upgrade to the latest version of Adobe Acrobat Reader. Adobe recommends users update their software installations to the latest versions by following the instructions below.
The latest product versions are available to end users via one of the following methods:
* Users can update their product installations manually by choosing Help > Check for Updates.
* The products will update automatically, without requiring user intervention, when updates are detected.
* The full Acrobat Reader installer can be downloaded from the [[https://get.adobe.com/reader|Acrobat Reader Download Center]].
For IT administrators (managed environments):
* Refer to the specific release note version for links to installers.
* Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and SSH.
NOTE: Remediation of this vulnerability by patching to a specific version indicated may not be sufficient to secure the product against further vulnerabilities discovered in later versions, subsequent to the publication of this guidance. Unless contra-indicated, customers are therefore advised to always upgrade to the latest version of the product available.
(The vendor has not advised of any alternative temporary mitigation or workarounds)
NOTE: Caution should always be taken in applying any temporary mitigations listed. Mitigations are only recommended in cases where patches to remediate the vulnerability are not available, or cannot safely be applied to a given environment immediately. A given mitigation may not in all cases be recommended officially by the application vendor. The viability of any given temporary mitigation measure may vary, depending on server platform and existing configuration. Mitigations listed may incompletely remediate any given vulnerability. Configuration changes to implement listed mitigations may impact/disrupt required functionality within a given customer application. Care should therefore be taken to carefully analyse any listed mitigations for appropriateness to a given environment. Customers are advised to test any configuration changes prior to their being introduced into a production environment.
Category: Memory Access Violation
AppCheck has added a plugin to detect the flaw that will run as part of your standard scans.
AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations websites, applications, network, and cloud infrastructure. AppCheck are authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).
No software to download or install.
Contact us or call us 0113 887 8380