Adobe’s patch for a remote code execution (RCE) bug in Acrobat this week doesn’t mention that the vulnerability is considered a zero-day nor that a proof-of-concept (PoC) exploit exists, a researcher warns. As part of Adobe’s Patch Tuesday, the creative software slinger fixed CVE-2024-41869 – a vulnerability originally reported in June by researcher Haifei Li, founder of zero-day and exploit-detection platform Expmon.

Source: The Register