October 13, 2022

Adobe Patches 2 Critical Vulnerabilities in Acrobat

Adobe has released a major security update for Acrobat and Reader products, addressing 6 vulnerabilities, 2 of which are defined as critical and may lead to arbitrary code execution attacks.

It is important to note that the vulnerabilities may also be described as RCE because it does not need the presence of the attacker on the network, but rather the entry of a document received by email or downloaded from the Internet to allow the attacker to exploit the vulnerabilities.

The Critical Vulnerabilities

• CVE-2022-38450 (CVSS 3.1: 7.8, High Severity) – Stack-based Buffer Overflow Vulnerability, successful exploitation of this vulnerability may lead to arbitrary code execution and memory leak attacks.
• CVE-2022-42339 (CVSS 3.1: 7.8, High Severity) – Stack-based Buffer Overflow Vulnerability, successful exploitation of this vulnerability may lead to arbitrary code execution and memory leak attacks.

The full list of vulnerabilities appears in the following Advisory under the heading Vulnerability Details.

Affected Products

• Acrobat DC Continuous
• Acrobat Reader DC Continuous
• Acrobat 2020 Classic 2020
• Acrobat Reader 2020 Classic 2020

Mitigation

CYREBRO recommends updating their software installations to the latest versions.

References: Adobe Advisory