Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered two use-after-free vulnerabilities in Adobe Acrobat Reader DC that could allow an attacker to eventually gain the ability to execute arbitrary code.
Cisco Talos worked with Adobe to ensure that these issues are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.
Users are advised to update the following software, which is tested and confirmed to be affected by these vulnerabilities: Adobe Acrobat Reader, version 2022.001.20085.
The following Snort rules will detect exploitation attempts against this vulnerability: 59644, 59645, 59942 and 59943. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Cisco Secure Firewall management center or Snort.org.