CVE-2022-35665: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier), and 17.012.30249 (and earlier) are affected by a Use After Free vulnerability identified as CVE-2022-35665. The vulnerability was discovered by Kai Lu of Zscaler's ThreatLabz and was publicly disclosed on August 9, 2022. This security flaw affects both Windows and macOS operating systems (Adobe Bulletin, NVD).

The vulnerability is classified as a Use After Free (CWE-416) issue that received a CVSS v3.1 base score of 7.8 (High). The attack vector is local (AV:L), with low attack complexity (AC:L), requires no privileges (PR:N), and needs user interaction (UI:R). The scope is unchanged (S:U), with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) (Lansweeper, NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The exploitation requires user interaction, specifically requiring a victim to open a malicious file (NVD).

Adobe has released security updates to address this vulnerability. Users should update to Acrobat DC Continuous version 22.001.20191, Acrobat 2020 Classic version 20.005.30381, or Acrobat 2017 Classic version 17.012.30262, depending on their current installation (Lansweeper).