Adobe's Acrobat Reader, the PDF reader of choice for many of us, is vulnerable to a flow that allows threat actors to remotely execute malicious code on the targeted device.
The vulnerability is described as a “use-after-free” flaw and is identified as CVE-2024-41896. A “use-after-free” flaw occurs when a program attempts to access data in a memory location that was previously freed. If a malicious actor manages to deploy malicious code in that piece of freed memory, it could be executed on the device and, consequently, compromised.
The bug was discovered by cybersecurity researcher Haifei Li, who created a sandbox platform called EXPMON, designed to detect advanced zero-day exploits. After submitting several files to the platform, the flaw was discovered, and with it the fact that it is being actively exploited. The silver lining to this is that the weaponized .PDF files were not actually deploying any malware, but were simply blocking targeted endpoints, which could also mean that the proof-of-concept is still in its early or experimental stages.
There is a solution
However, now that the news is out, it is also safe to assume that different threat actors will start looking for unpatched Adobe Acrobat Reader variants to use. Therefore, it is critical for IT administrators to apply the fix as soon as possible.
While we don't know who is using it or against whom, we do know that it all starts with a weaponized PDF document, so it's safe to assume that the attack begins with a phishing email. PDF files are often used as invoices, purchase orders, and the like.
Adobe released a patch last month that failed to adequately address the issue, but the bug was finally fixed earlier this week and received a new tracking number: CVE-2024-41869.
Through Computer beeping
