Adobe Acrobat and Acrobat Reader DC Prototype Pollution Vulnerability Leading to Arbitrary Code Execution

A prototype pollution vulnerability has been identified in Adobe Acrobat and Acrobat Reader DC. This issue affects versions through 26.001.21411, as well as Acrobat 2024 versions through 24.001.30362 on Windows and macOS. The vulnerability allows for improper control over the modification of object prototype attributes, which could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction, as a victim must open a malicious file.

Impact

Exploitation of this vulnerability could result in arbitrary code execution on the affected system, executed in the context of the user.

Remediation

Users are advised to update to the latest versions of Adobe Acrobat or Acrobat Reader DC. The latest versions can be downloaded from the Adobe website or via the Adobe Update mechanism. For IT administrators, updates can be deployed using preferred methodologies such as SCUP/SCCM on Windows or Apple Remote Desktop and SSH on macOS.