Adobe Reader Exploit 

Synopsis: Threat actors are actively exploiting an Adobe Reader zero-day (CVE-2023-26369) in the wild. Successful exploitation of this out-of-bounds write weakness allows attackers to execute code. The exploit needs local access because it requires some user interaction.

Actions: Adobe recommends updating to the most recent version of Acrobat DC, Acrobat Reader DC, Acrobat 2020, and Acrobat Reader 2020 as soon as possible.

Associated Articles:

Adobe warns of critical Acrobat and Reader zero-day exploited in attacks

Adobe Security Bulletin

Google Rolls Out Patches for Chrome Vulnerability Exploit

Synopsis: On Monday, Google rolled out “out-of-band” security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild.

Tracked as CVE-2023-4863, the issue has been described as a case of heap buffer overflow that resides in the WebP image format that could result in arbitrary code execution or a crash.

Google has not disclosed additional details about the nature of the attacks, but it has noted that an exploit for CVE-2023-4863 exists in the wild. The patches arrived on the same day that Apple expanded fixes to remediate CVE-2023-41064 for the following devices:

  • iOS 15.7.9 and iPadOS 15.7.9 – iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
  • macOS Big Sur 11.7.10 and macOS Monterey 12.6.9

CVE-2023-41064 relates to a buffer overflow issue in the Image I/O component that could lead to arbitrary code execution when processing a maliciously crafted image.

About Buffer Overflow: A buffer overflow occurs when a program attempts to store more data in a region of memory than that region can hold. This causes two problems:

  1. Data Overwrite: When data overflows from one memory area into another, it can overwrite other important information or instructions that the program needs to run correctly. This can cause the program to behave unexpectedly or even crash.
  2. Security Risk: In some cases, attackers deliberately overflow a program’s memory with their own data, like pouring too much coffee into a cup on purpose. They can use this to trick the program into running code they want, potentially allowing them to take control of the computer or exploit vulnerabilities.
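
Example (added here; not code from Google, Apple or Adobe, and not a reproduction of any CVE named above): the C program below shows the data-overwrite problem using a constructed length-prefixed chunk, with a copy that trusts the declared length beside one that checks it against the buffer size. The arena layout, chunk format and all names are assumptions made for illustration; the arena keeps the overflow inside one array so the demo is well-defined, whereas a real process has no such backstop.

```c
#include <stdio.h>
#include <string.h>

#define BUF_CAP    8   /* bytes reserved for the pixel buffer */
#define ARENA_SIZE 16  /* buffer plus the data stored right after it */
/* Constructed model: one array stands in for two adjacent memory regions. */
static unsigned char arena[ARENA_SIZE];
static const unsigned char NEIGHBOUR[ARENA_SIZE - BUF_CAP] = "HANDLER";
/* Constructed chunks: byte 0 is the declared payload length. */
const unsigned char BENIGN[]  = { 4, 1, 2, 3, 4 };
const unsigned char CRAFTED[] = { 12, 65,65,65,65,65,65,65,65,65,65,65,65 };

void arena_reset(void) {
    memset(arena, 0, BUF_CAP);
    memcpy(arena + BUF_CAP, NEIGHBOUR, sizeof NEIGHBOUR);
}

/* 1 if the data after the buffer is unchanged, 0 if it was overwritten. */
int neighbour_intact(void) {
    return memcmp(arena + BUF_CAP, NEIGHBOUR, sizeof NEIGHBOUR) == 0;
}

/* Vulnerable pattern: trusts the length field; only the arena edge stops it. */
int copy_unchecked(const unsigned char *chunk, size_t chunk_len) {
    if (chunk_len < 1) return -1;
    size_t n = chunk[0];
    if (n > chunk_len - 1 || n > ARENA_SIZE) return -1;
    memcpy(arena, chunk + 1, n);   /* n may exceed BUF_CAP */
    return (int)n;
}

/* Hardened pattern: reject any declared length the buffer cannot hold. */
int copy_checked(const unsigned char *chunk, size_t chunk_len) {
    if (chunk_len < 1) return -1;
    size_t n = chunk[0];
    if (n > chunk_len - 1 || n > BUF_CAP) return -1;
    memcpy(arena, chunk + 1, n);
    return (int)n;
}

int main(void) {
    arena_reset();
    printf("unchecked copy: %d bytes\n", copy_unchecked(CRAFTED, sizeof CRAFTED));
    printf("neighbour intact: %d\n", neighbour_intact());
    arena_reset();
    printf("checked copy: %d\n", copy_checked(CRAFTED, sizeof CRAFTED));
    printf("neighbour intact: %d\n", neighbour_intact());
    return 0;
}
```
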

Actions:

  • Upgrade to Chrome version 116.0.5845.187/.188 for Windows, or 116.0.5845.187 for macOS and Linux, to mitigate potential threats.
  • Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.

Associated Articles:

Google Patches Critical Chrome Vulnerability Being Exploited

Email Team