Adobe Releases Security Updates for Acrobat and Reader
Two critical vulnerabilities could lead to arbitrary code execution
Summary
Two critical vulnerabilities could lead to arbitrary code execution
Affected platforms
The following platforms are known to be affected:
Threat details
Proof-of-concept sample for CVE-2024-41869 discovered in the wild
Security researchers identified CVE-2024-41869 in a sample PDF found in the wild. The sample reportedly appeared to be a partial proof-of-concept (PoC) exploit, and the researchers have stated that they plan to publish technical details in the future. NHS England National CSOC assesses that future exploitation of CVE-2024-41869 is likely.
Introduction
Adobe has released security updates addressing two critical vulnerabilities affecting Acrobat products on Windows and macOS.
- CVE-2024-41869 is a 'use after free' vulnerability with a CVSSv3 score of 7.8 that, if exploited, could allow arbitrary code execution (ACE).
- CVE-2024-45112 is a 'type confusion' vulnerability with a CVSSv3 score of 8.6 that, if exploited, could allow ACE.
Remediation advice
Affected organisations are encouraged to review Adobe Security Bulletin APSB24-70 and apply the relevant updates.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 12 September 2024 1:52 pm