The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a high-severity flaw in Adobe Acrobat Reader to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2023-21608 (CVSS score: 7.8), the vulnerability is a use-after-free bug that can be exploited to achieve remote code execution (RCE) with the privileges of the current user. Adobe released a patch for the flaw in January 2023 and credited HackSys security researchers Ashfaq Ansari and Krishnakant Patil with discovering and reporting it.