Adobe Acrobat Reader has a serious security flaw — so patch now
Bug allowed threat actors to launch malicious code remotely
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Adobe’s Acrobat Reader, the go-toPDF readerfor many of us, is vulnerable to a flow that allows threat actors to remotely run malicious code on the target device.
The vulnerability is described as a “user after free” flaw, and is tracked as CVE-2024-41896. A “use after free” flaw happens when a program tries to access data in a memory location that was previously freed. If a malicious actor manages to deploy malicious code in that freed piece of memory real estate, it could be executed on the device and, consequently, compromised.
It was discovered by cybersecurity researcher Haifei Li, who created a sandbox platform called EXPMON, designed to detect advanced zero-day exploits. After multiple files were submitted to the platform, the flaw was discovered, and with it the fact that it is being actively exploited in the wild. The silver lining here is that the weaponized .PDF files were not deploying anymalware, but were simply crashing targeted endpoints, which could also mean that the PoC is still in its infancy or experimental stage.
A fix is out there
However, now that the news is out, it is also safe to assume that different threat actors will start looking for unpatched Adobe Acrobat Reader variants to use. Therefore, it is pivotal that IT admins apply the fix as soon as possible.
While we don’t know who is using it, or against whom, we do know that it all begins with a weaponized .PDF document, so it’s safe to assume that the attack starts with a phishing email. PDF files are often used as invoices, purchase orders, and similar.
Adobe released a patch last month, which did not properly address the problem - but the bug was ultimately fixed earlier this week, and was given a new tracking number - CVE-2024-41869.
ViaBleepingComputer
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
More from TechRadar Pro
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
This new phishing strategy utilizes GitHub comments to distribute malware
Should your VPN always be on?
NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)
