Attacks targeting a high-severity use-after-free Adobe Acrobat Reader flaw, tracked as CVE-2023-21608, have prompted the inclusion of the bug in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, reports The Hacker News.
Threat actors could leverage the already addressed vulnerability, which affects various versions of Acrobat DC and Acrobat Reader DC for Windows and Mac, as well as Acrobat 2020 and Acrobat Reader 2020, to facilitate remote code execution with escalated privileges.
No further information has been provided about the kind of attacks or the threat actors exploiting the bug, but CISA called on federal agencies to remediate the flaw by Oct. 31 using patches that have been available since January.
Active exploitation of CVE-2023-21608 comes after threat actors launched attacks leveraging an out-of-bounds write issue in Adobe Acrobat and Reader, tracked as CVE-2023-26369, which enables code execution from specially crafted PDF files.
High-severity Adobe Acrobat Reader bug added to KEV catalog