Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 26 vulnerabilities included in the August 2023 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the August release and deploy additional protections, as necessary.

APSB23-30 – Security updates available for Adobe Acrobat and Reader.

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation, security feature bypass and memory leak.

Affected Software

Acrobat DC Continuous 23.003.20244 (Win), 23.003.20244 (Mac) and earlier versions for Windows & macOS
Acrobat Reader DC Continuous 23.003.20244 (Win), 23.003.20244 (Mac) and earlier versions for Windows & macOS
Acrobat 2020 Classic 2020 20.005.30467 and earlier versions for Windows & macOS
Acrobat Reader 2020 Classic 20.005.30467 and earlier versions for Windows & macOS

CVE-2023-38235 – Out-of-bounds Read vulnerability leading to Memory Leak.

Severity: Critical

CVE-2023-38236 – Out-of-bounds Read vulnerability leading to Memory leak.

Severity: Important

CVE-2023-38237 – Out-of-bounds Read vulnerability leading to Memory leak.

Severity: Important

CVE-2023-38238 – Use After Free vulnerability leading to Memory leak.

Severity: Moderate

CVE-2023-38240 – Out-of-bounds Read vulnerability leading to Memory leak.

Severity: Important

CVE-2023-38239 – Out-of-bounds Read vulnerability leading to Memory leak.

Severity: Important

CVE-2023-38241 – Out-of-bounds Read vulnerability leading to Memory leak.

Severity: Important

CVE-2023-38234 – Access of Uninitialized Pointer vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2023-38242 – Out-of-bounds Read vulnerability leading to Memory leak.

Severity: Important

CVE-2023-38233 – Out-of-bounds write vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2023-38244 – Out-of-bounds Read vulnerability leading to Memory leak.

Severity: Important

CVE-2023-38247 – Out-of-bounds Read vulnerability leading to Memory leak.

Severity: Moderate

CVE-2023-38248 – Out-of-bounds Read vulnerability leading to Memory leak.

Severity: Moderate

CVE-2023-38232 – Out-of-bounds Read vulnerability leading to Memory Leak.

Severity: Critical

CVE-2023-38231 – Out-of-bounds Write vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2023-38230 – Use After Free vulnerability leading to Memory Leak.

Severity: Critical

CVE-2023-38229 – Out-of-bounds Read vulnerability leading to Memory Leak.

Severity: Critical

CVE-2023-29303 – Use After Free vulnerability leading to Memory leak.

Severity: Important

CVE-2023-38222 – Use After Free vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2023-38228 – Use After Free vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2023-38227 – Use After Free vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2023-38226 – Access of Uninitialized Pointer vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2023-38225 – Use After Free vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2023-38224 – Use After Free vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2023-38246 – Access of Uninitialized Pointer vulnerability leading to Arbitrary code execution.

Severity: Critical

CVE-2023-38223 – Access of Uninitialized Pointer vulnerability leading to Arbitrary code execution.

Severity: Critical