Adobe Patches Acrobat 3 Critical ACEs
August 10, 2022
Adobe Patches Acrobat 3 Critical ACEs
Adobe has released a serious security update for its Acrobat and Reader products, addressing 7 reported vulnerabilities, 3 of which might lead to arbitrary code execution attacks.
In addition, Adobe released updates for the following products – Adobe Commerce, Illustrator, FrameMaker, Premiere Elements.
The ACE Vulnerabilities
- CVE-2022-35665 (CVSS 3.1: 7.8, High Severity) – Use After Free Vulnerability
- CVE-2022-35666 (CVSS 3.1: 7.8, High Severity) – Improper Input Validation Vulnerability
- CVE-2022-35667 (CVSS 3.1: 7.8, High Severity) – Out-of-bounds Write Vulnerability
Exploiting any of these vulnerabilities may lead to remote arbitrary code execution on the target system.
Affected Products
- Acrobat DC
- Acrobat Reader DC
- Acrobat 2020
- Acrobat Reader 2020
- Acrobat 2017
- Acrobat Reader 2017
Mitigation
CYREBRO recommends updating their software installations to the latest versions.
References: Adobe Advisory