news-14092024-040914

Adobe recently released a public fix for a critical vulnerability in Adobe Acrobat Reader that could allow remote code execution. This vulnerability, tracked as CVE-2024-41869, is a “use after free” flaw that could be exploited by attackers to execute malicious code when a specially crafted PDF document is opened.

A “use after free” bug occurs when a program attempts to access data in a memory location that has already been released. This can lead to unexpected behavior, such as crashes or freezing. However, if a threat actor is able to inject malicious code into that memory location and the program accesses it, the attacker could execute the code on the targeted device.
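The following added example (not code from Adobe, EXPMON, or the original article) illustrates the bug class described above with a constructed slot pool: a reference kept after release resolves to whatever reused the slot, while a generation-checked handle is rejected. All names (`pool_alloc`, `resolve_checked`, and so on) are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed illustration: a fixed pool of slots stands in for the heap,
   so slot reuse after release is deterministic and has no undefined behaviour. */
#define POOL_SLOTS 4

typedef struct { uint32_t gen; int live; char data[32]; } slot_t;
typedef struct { uint32_t index; uint32_t gen; } handle_t;

static slot_t pool[POOL_SLOTS];

/* Allocate the first free slot and copy the payload into it. */
handle_t pool_alloc(const char *payload) {
    for (uint32_t i = 0; i < POOL_SLOTS; i++) {
        if (!pool[i].live) {
            pool[i].live = 1;
            strncpy(pool[i].data, payload, sizeof pool[i].data - 1);
            pool[i].data[sizeof pool[i].data - 1] = '\0';
            return (handle_t){ i, pool[i].gen };
        }
    }
    return (handle_t){ POOL_SLOTS, 0 };  /* pool exhausted */
}

/* Release a slot; bumping the generation invalidates every outstanding handle. */
void pool_free(handle_t h) {
    if (h.index < POOL_SLOTS && pool[h.index].live && pool[h.index].gen == h.gen) {
        pool[h.index].live = 0;
        pool[h.index].gen++;
    }
}

/* Weak: trusts the index alone, like a raw pointer kept after free. */
const char *resolve_unchecked(handle_t h) {
    return h.index < POOL_SLOTS ? pool[h.index].data : NULL;
}

/* Hardened: a stale handle resolves to NULL instead of whatever reused the slot. */
const char *resolve_checked(handle_t h) {
    if (h.index >= POOL_SLOTS) return NULL;
    slot_t *s = &pool[h.index];
    return (s->live && s->gen == h.gen) ? s->data : NULL;
}
```

The generation counter also turns a repeated release of the same stale handle into a no-op, so a double free cannot release the slot's new owner.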

The vulnerability was discovered in June through the EXPMON platform, created by cybersecurity researcher Haifei Li to detect advanced exploits like zero-days. The platform focuses on exploit and vulnerability detection, which is different from traditional malware detection systems. Li submitted a large number of samples to EXPMON for analysis, including a PDF with a proof-of-concept exploit that caused a crash.

After the flaw was disclosed to Adobe, a security update was released in August, but it did not completely fix the vulnerability: the exploit could still be triggered after closing certain dialogs. Adobe has now released a new security update that addresses the bug, identified as CVE-2024-41869.

Li will share more details on EXPMON’s blog about how the vulnerability was detected and provide technical information in an upcoming report by Check Point Research. Users should update Adobe Acrobat Reader to the latest version to protect against potential exploitation of this vulnerability.