Adobe fixed Acrobat bug, neglected to mention whole zero-day exploit thing - CVE-2024-41869
Adobe has addressed a critical remote code execution (RCE) vulnerability, CVE-2024-41869, in Acrobat that was initially reported in June. The vulnerability, which has a high CVSS score of 7.8, required two patches to be considered resolved. Despite its severity, Adobe did not highlight it as a zero-day with an existing proof-of-concept (PoC) exploit, possibly leading to lower prioritization by system administrators. Expmon, who reported the vulnerability, plans to release a sample PDF demonstrating the PoC exploit, stressing the urgency for prompt patching. The sample PDF currently causes Acrobat Reader to crash but sets the stage for potential RCE attacks. Further insights will be detailed in a forthcoming blog by Expmon and Check Point Research.