Vulnerability Spotlight: Adobe Acrobat DC use-after-free issues could lead to arbitrary code execution

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.

Cisco Talos recently discovered two use-after-free vulnerabilities in Adobe Acrobat Reader DC that could allow an attacker to eventually gain the ability to execute arbitrary code.

Acrobat is one of the most popular PDF reader software options available currently. It includes the ability to read and process JavaScript to give PDFs greater interactivity and customization options for users. This vulnerability exists in the way Acrobat Reader processes JavaScript.

TALOS-2022-1516 (CVE-2022-34221) is a type confusion vulnerability that is triggered if the user opens a PDF with specially crafted, malicious JavaScript embedded. Object misuse can cause memory corruption, which can lead to arbitrary code execution. TALOS-2022-1525 (CVE-2022-34230) can trigger the reuse of a freed object, which can ultimately result in arbitrary code execution, as well.

Cisco Talos worked with Adobe to ensure that these issues are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.

Users are advised to update the following software, which is tested and confirmed to be affected by these vulnerabilities: Adobe Acrobat Reader, version 2022.001.20085.

The following Snort rules will detect exploitation attempts against this vulnerability: 59644, 59645, 59942 and 59943. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Cisco Secure Firewall management center or Snort.org.