CVE-2023-44336: 
Adobe Acrobat Reader Continuous vulnerability analysis and mitigation

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability identified as CVE-2023-44336. The vulnerability was disclosed on November 14, 2023, affecting both Windows and macOS operating systems. This security flaw could potentially lead to arbitrary code execution in the context of the current user, though exploitation requires user interaction through opening a malicious PDF file (NVD, MITRE).

The vulnerability is classified as a Use After Free (CWE-416) issue that occurs when the vulnerable software handles a maliciously crafted PDF file. The severity of this vulnerability is rated as HIGH with a CVSS v3.1 Base Score of 7.8, and vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability affects both the continuous and classic versions of Adobe Acrobat and Acrobat Reader (NVD, FortiGuard).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code within the context of the current user's privileges. The potential impact includes system compromise, where remote attackers can gain control of vulnerable systems. The vulnerability affects both the confidentiality, integrity, and availability of the system with high severity ratings for each aspect (FortiGuard).

Adobe has released security updates to address this vulnerability. Users are strongly recommended to apply the most recent upgrade or patch available from Adobe. The fix is available through Adobe's security bulletin APSB23-54 (Adobe Security).

The vulnerability was identified and reported by Cisco Talos (ciscotalos), demonstrating ongoing security research collaboration within the industry (Adobe Security).