[CDP-development] TLP:GREEN (Vulnerability Alert Notification) CVE-2023-21608: Adobe Acrobat and Reader Use-After-Free Vulnerability
CSS Security Operations Services * DAS
css-soc-services at das.oregon.gov
Wed Oct 11 11:03:52 PDT 2023
Good morning,
The SOC Services team is reporting on the vulnerability: CVE-2023-21608: Adobe Acrobat and Reader Use-After-Free Vulnerability. Due to its high visibility and knowledge of the software installed in the state environment, we are providing this in-depth information:
History: On January 23, 2023, Adobe released security bulletin APSB23-01, which included CVE-2023-21608. On October 10, 2023, CISA added the vulnerability to the Known Exploited Vulnerabilities catalog.
The APSB23-01 security bulletin from Adobe can be found here: https://helpx.adobe.com/security/products/acrobat/apsb23-01.html
Affected Versions:
| Product | Track | Affected Version | Platform |
|---|---|---|---|
| Acrobat DC | Continuous | 22.003.20282 (Win), 22.003.20281 (Mac) and earlier versions | Windows & macOS |
| Acrobat Reader DC | Continuous | 22.003.20282 (Win), 22.003.20281 (Mac) and earlier versions | Windows & macOS |
| Acrobat 2020 | Classic 2020 | 20.005.30418 and earlier versions | Windows & macOS |
| Acrobat Reader 2020 | Classic 2020 | 20.005.30418 and earlier versions | Windows & macOS |
Fixed versions:
| Product | Track | Updated Versions |
|---|---|---|
| Acrobat DC | Continuous | 22.003.20310 & higher |
| Acrobat Reader DC | Continuous | 22.003.20310 & higher |
| Acrobat 2020 | Classic 2020 | 20.005.30436 & higher |
| Acrobat Reader 2020 | Classic 2020 | 20.005.30436 & higher |
Intelligence: As of October 10, 2023, the vulnerability has been confirmed as being exploited in the wild.
Workarounds: There are no workarounds for this vulnerability.
How it works: Details of how the vulnerability is being exploited are currently unknown.
Post-Exploit: Upon successful exploitation of the vulnerability, a threat actor could execute arbitrary code in the context of the current user.
As of January 1, 2023, the following vulnerability plugins have been released and are currently in Tenable Security Center:
| Plugin | Title | Severity |
|---|---|---|
| 169880 <https://www.tenable.com/plugins/nessus/169880> | Adobe Reader < 20.005.30436 / 22.003.20310 Multiple Vulnerabilities (APSB23-01) | High |
| 169879 <https://www.tenable.com/plugins/nessus/169879> | Adobe Acrobat < 20.005.30436 / 22.003.20310 Multiple Vulnerabilities (APSB23-01) (macOS) | High |
| 169878 <https://www.tenable.com/plugins/nessus/169878> | Adobe Reader < 20.005.30436 / 22.003.20310 Multiple Vulnerabilities (APSB23-01) (macOS) | High |
| 169877 <https://www.tenable.com/plugins/nessus/169877> | Adobe Acrobat < 20.005.30436 / 22.003.20310 Multiple Vulnerabilities (APSB23-01) | High |
Recommended Actions:
* Verify host has not been compromised before applying patches.
* Apply appropriate updates provided by vendor to vulnerable systems immediately after appropriate testing.
* Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
* Apply the Principle of Least Privilege to all systems and services.
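
Added example (not part of the original alert or any SOC tooling): a small triage script that compares a software inventory against the fixed builds listed above. The inventory field names, hostnames and sample rows are constructed; it assumes any build older than the fixed build for its track needs the update, matching the "<" comparison in the Tenable plugin titles.

```python
# Added example: flag Acrobat/Reader installs older than the APSB23-01 fixed builds.
# Thresholds are copied from the "Fixed versions" table in this alert.
FIXED = {
    "Continuous": (22, 3, 20310),
    "Classic 2020": (20, 5, 30436),
}

def parse_version(text):
    """Turn '22.003.20282' into (22, 3, 20282); reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(int(p) for p in parts)

def needs_update(track, version):
    """True if the build is older than the fixed build for its track."""
    if track not in FIXED:
        raise KeyError(f"track not covered by this alert: {track!r}")
    return parse_version(version) < FIXED[track]

def triage(inventory):
    """Split inventory rows into (vulnerable, patched, unknown) host lists."""
    vulnerable, patched, unknown = [], [], []
    for row in inventory:
        try:
            target = vulnerable if needs_update(row["track"], row["version"]) else patched
        except (KeyError, ValueError):
            target = unknown  # other track or unparsable version: review by hand
        target.append(row["host"])
    return vulnerable, patched, unknown

# Constructed sample inventory (hostnames and rows are made up for illustration).
SAMPLE = [
    {"host": "ws-001", "track": "Continuous", "version": "22.003.20282"},
    {"host": "ws-002", "track": "Continuous", "version": "22.003.20310"},
    {"host": "ws-003", "track": "Classic 2020", "version": "20.005.30418"},
    {"host": "ws-004", "track": "Classic 2020", "version": "20.005.30436"},
    {"host": "ws-005", "track": "Continuous", "version": "23.006.20320"},
    {"host": "ws-006", "track": "Unknown", "version": "20.005.30436"},
    {"host": "ws-007", "track": "Continuous", "version": "not reported"},
]

if __name__ == "__main__":
    vuln, ok, review = triage(SAMPLE)
    print("needs update:", vuln)
    print("patched:", ok)
    print("manual review:", review)
```

The track is taken from the inventory rather than guessed from the version number, since the version string alone does not say which track an install belongs to.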