Adobe Patches Acrobat 3 Critical ACEs

August 10, 2022

Adobe Patches Acrobat 3 Critical ACEs

Adobe has released a serious security update for its Acrobat and Reader products, addressing 7 reported vulnerabilities, 3 of which might lead to arbitrary code execution attacks.
In addition, Adobe released updates for the following products – Adobe Commerce, Illustrator, FrameMaker, Premiere Elements.

The ACE Vulnerabilities

  • CVE-2022-35665 (CVSS 3.1: 7.8, High Severity) – Use After Free Vulnerability
  • CVE-2022-35666 (CVSS 3.1: 7.8, High Severity) – Improper Input Validation Vulnerability
  • CVE-2022-35667 (CVSS 3.1: 7.8, High Severity) – Out-of-bounds Write Vulnerability

Exploiting any of these vulnerabilities may lead to remote arbitrary code execution on the target system.

Affected Products

  • Acrobat DC
  • Acrobat Reader DC
  • Acrobat 2020
  • Acrobat Reader 2020
  • Acrobat 2017
  • Acrobat Reader 2017

Mitigation

CYREBRO recommends updating their software installations to the latest versions.

References: Adobe Advisory

Sign Up for Updates