The Adobe Acrobat and Reader issue is CVE-2023-21608, a use-after-free vulnerability which can be exploited to achieve remote code execution (RCE) with the privileges of the current user.
Adobe released patches for this flaw in January 2023, but numerous proof-of-concept (PoC) exploits and technical write-ups have been published since, creating opportunities for threat actors to start targeting the issue in attacks.
Although there appear to be no public reports describing in-the-wild exploitation of CVE-2023-21608, CISA says it only adds CVEs to the KEV list based on solid proof that exploitation has occurred.