CVE-2026-34621

Adobe · Acrobat Reader

Adobe Acrobat Reader is vulnerable to prototype pollution, which can result in arbitrary code execution when a victim opens a malicious file.

Executive summary

A critical prototype pollution vulnerability in Adobe Acrobat Reader allows attackers to execute arbitrary code on the victim's machine when the victim opens a malicious file.

Vulnerability

This is a prototype pollution vulnerability, which allows an attacker to modify object prototype attributes. Exploitation requires user interaction: the victim must open a malicious file, which then triggers arbitrary code execution in the user's context.

Business impact

With a CVSS score of 9.6, this is a critical vulnerability. An attacker can gain control over a user's workstation, potentially accessing sensitive documents, credentials, and internal network resources, leading to significant reputational and operational damage.

Remediation

Immediate Action: Update Adobe Acrobat Reader to the latest patched version.

Proactive Monitoring: Monitor for suspicious file access patterns or unusual application behavior following the opening of unexpected documents.

Compensating Controls: Implement endpoint protection (EDR) to detect and block malicious code execution originating from PDF reader processes.
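
One way to express the monitoring and compensating-control guidance above as detection logic, as an added example that is not from Adobe or the original advisory: the Python below triages process-creation events (field names follow Sysmon's `Image`/`ParentImage` convention) and flags unexpected children of the reader process. The image names, helper allowlist, install roots and sample events are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Assumed values: tune to the reader builds, helpers and install paths in your fleet.
READER_IMAGES = {"acrord32.exe", "acrobat.exe"}
EXPECTED_CHILDREN = {"acrord32.exe", "acrobat.exe", "rdrcef.exe", "acrocef.exe", "adobearm.exe"}
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\")
INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}


def _name(path):
    """Lower-cased file name of a Windows path ('' when the field is missing)."""
    return PureWindowsPath(path or "").name.lower()


def triage_reader_children(events):
    """Return (severity, child_image) for unexpected processes spawned by a PDF reader."""
    findings = []
    for ev in events:
        if _name(ev.get("ParentImage")) not in READER_IMAGES:
            continue  # not launched by the reader
        image = ev.get("Image") or ""
        child = _name(image)
        # A helper name only counts as expected when it runs from an install root;
        # the same name in a user-writable directory is still flagged.
        if child in EXPECTED_CHILDREN and image.lower().startswith(TRUSTED_ROOTS):
            continue
        findings.append(("high" if child in INTERPRETERS else "review", image))
    return findings


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe",
     "Image": r"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe"},
    {"ParentImage": r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"ParentImage": r"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe",
     "Image": r"C:\Users\alice\AppData\Local\Temp\RdrCEF.exe"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},
    {"ParentImage": r"C:\PROGRAM FILES\ADOBE\ACROBAT DC\ACROBAT\ACROBAT.EXE", "Image": None},
]

if __name__ == "__main__":
    for severity, image in triage_reader_children(SAMPLE_EVENTS):
        print(f"[{severity}] reader spawned: {image or '<missing Image field>'}")
```

Legitimate children outside the allowlist (for example, print helpers) will land in the "review" tier until they are added, so baseline the output against known-good workstations before alerting on it.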

Exploitation status

Public Exploit Available: No

Analyst recommendation

Organizations should mandate that all users update Acrobat Reader to the latest version to prevent potential client-side exploitation. User awareness training regarding opening unsolicited documents is also recommended.