Recently, the Cybersecurity and Infrastructure Security Agency (CISA) added a new Adobe Acrobat Reader vulnerability to its catalog - CVE-2023-21608. Versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected due to a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. This vulnerability can be exploited by bad actors if a user opens a malicious file.
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to companies.
While most detection-based solutions will be largely ineffective whilst the exploit is still classed as zero-day, there are other ways to mitigate the threat. Glasswall’s zero-trust CDR technology is fast to deploy and can protect organizations and government departments against complex file-based threats instantly, even if they have not been observed before and without the need for temporary mitigation solutions. Our patented CDR technology treats all files as untrusted and instantly rebuilds the file back to a ‘known-good’ standard. Our CDR technology also analyzes all embedded components of a file's internal components.
No element of the file can avoid analysis, sanitization or removal, protecting users comprehensively against vulnerabilities in Adobe Acrobat such as CVE-2023-21608.