Connect with us

Hi, what are you looking for?


Data Breaches

Adobe Says Critical PDF Reader Zero-Day Being Exploited 

Adobe raises an alarm for new in-the-wild zero-day attacks hitting users of its widely deployed Adobe Acrobat and Reader product.

Adobe ColdFusion vulnerability exploited

Software maker Adobe on Tuesday raised an alarm about new in-the-wild zero-day attacks hitting users of its widely deployed Adobe Acrobat and Reader product.

As part of its scheduled batch of Patch Tuesday updates, Adobe warned that hackers are exploiting a remotely exploitable vulnerability — CVE-2023-26369 — to launch code execution attacks.

Adobe describes the flaw as an out-of-bounds write memory safety issue affecting both Windows and macOS installations.

“Successful exploitation could lead to arbitrary code execution. Adobe is aware that CVE-2023-26369 has been exploited in the wild in limited attacks targeting Adobe Acrobat and Reader,” the company said in an advisory.

Adobe did not specify which operating system is being targeted by in-the-wild attackers.

The Adobe Acrobat and Reader patch headlines a Patch Tuesday release that provides fixes for at least five documented flaws across multiple products.

The company also pushed out a security update for Adobe Connect to fix a pair of bugs that could be exploited to launch arbitrary code execution attacks.   

Advertisement. Scroll to continue reading.

A separate patch was rolled out to fix two documented flaws in Adobe Experience Manager (AEM) and warned that successful exploitation of these vulnerabilities could result in arbitrary code execution.

So far this year, there has 64 documented in-the-wild zero-day attacks hitting a wide range of software products, according to data tracked by SecurityWeek.

Related: Patch Tuesday: Adobe Patches 30 Acrobat, Reader Vulns

Related: Adobe Patch Tuesday: Critical Flaws Haunt InDesign, ColdFusion

Related: Adobe Patch Tuesday: Code Execution Flaws in Acrobat, Reader

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...