Avisos de segurança da Zscaler
Zscaler protects against 14 new vulnerabilities for Adobe Acrobat and Reader
Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 14 vulnerabilities included in the April 2023 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the April release and deploy additional protections, as necessary.
APSB23-24 – Security updates available for Adobe Acrobat and Reader.
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation, security feature bypass and memory leak.
Affected Software
- Acrobat DC Continuous 23.001.200932 (Win), 23.001.200932 (Mac) and earlier versions for Windows & macOS
- Acrobat Reader DC Continuous 23.001.200932 (Win), 23.001.200932 (Mac) and earlier versions for Windows & macOS
- Acrobat 2020 Classic 2020 20.005.30441 and earlier versions for Windows & macOS
- Acrobat Reader 2020 Classic 20.005.30441 and earlier versions for Windows & macOS
CVE-2023-26420 – Use After Free vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-26419 – Use After Free vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-26418 – Use After Free vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-26417 – Use After Free vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-26395 – Out-of-bounds Write vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-26421 – Integer Underflow vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-26422 – Use After Free vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-26423 – Use after free vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-26424 – Use After Free vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-26425 – Out-of-bounds write vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-26397 – Out-of-bounds Read vulnerability leading to Memory leak.
Severity: Important
CVE-2023-26405 – Improper Input validation vulnerability leading to Arbitrary code execution.
Severity: Critical
CVE-2023-26406 – Improper Access Control leading to Security Feature Bypass
Severity: Critical
CVE-2023-26408 – Improper Access Control vulnerability leading to Security Feature bypass.
Severity: Important