August 10, 2022

Adobe Patches Acrobat 3 Critical ACEs

Adobe has released a serious security update for its Acrobat and Reader products, addressing 7 reported vulnerabilities, 3 of which might lead to arbitrary code execution attacks.
In addition, Adobe released updates for the following products – Adobe Commerce, Illustrator, FrameMaker, Premiere Elements.

The ACE Vulnerabilities

• CVE-2022-35665 (CVSS 3.1: 7.8, High Severity) – Use After Free Vulnerability
• CVE-2022-35666 (CVSS 3.1: 7.8, High Severity) – Improper Input Validation Vulnerability
• CVE-2022-35667 (CVSS 3.1: 7.8, High Severity) – Out-of-bounds Write Vulnerability

Exploiting any of these vulnerabilities may lead to remote arbitrary code execution on the target system.

Affected Products

• Acrobat DC
• Acrobat Reader DC
• Acrobat 2020
• Acrobat Reader 2020
• Acrobat 2017
• Acrobat Reader 2017

Mitigation

CYREBRO recommends updating their software installations to the latest versions.

References: Adobe Advisory