There's a flaw in Adobe Acrobat Reader that gives people root access to your Mac

MacBook Pro with a cup of coffee and iPhone
MacBook Pro with a cup of coffee and iPhone (Image credit: iMore)

What you need to know

  • Adobe doesn't have a great history in terms of security.
  • Its Acrobat Reader app has a flaw that could allow an attacker to gain root access to a Mac.
  • It's already been fixed and an update is available, though.

Adobe and security flaws go together like... two things that really go well together. The company's Acrobat Reader is the latest to fall foul of security researchers with Tencent's Yuebin Sun today disclosing three new vulnerabilities that could give someone root access to a Mac. That would then allow them to access all of their data, too. MacRumors first spotted the disclosure.

Today, Adobe Acrobat Reader DC for macOS patched three critical vulnerabilities(CVE-2020-9615, CVE-2020-9614, CVE-2020-9613) I reported. The only requirement needed to trigger the vulnerabilities is that Adobe Acrobat Reader DC has been installed. A normal user on macOS(with SIP enabled) can locally exploit this vulnerabilities chain to elevate privilege to the ROOT without a user being aware

Thankfully, Adobe already knows about the problem and has issued a patch under version number 2020.009.20063. Adobe Acrobat users should probably go about updating to that version sooner rather than later.

Or, you know. Just get rid of it altogether.

Oliver Haslam
Contributor

Oliver Haslam has written about Apple and the wider technology business for more than a decade with bylines on How-To Geek, PC Mag, iDownloadBlog, and many more. He has also been published in print for Macworld, including cover stories. At iMore, Oliver is involved in daily news coverage and, not being short of opinions, has been known to 'explain' those thoughts in more detail, too.

Having grown up using PCs and spending far too much money on graphics card and flashy RAM, Oliver switched to the Mac with a G5 iMac and hasn't looked back. Since then he's seen the growth of the smartphone world, backed by iPhone, and new product categories come and go. Current expertise includes iOS, macOS, streaming services, and pretty much anything that has a battery or plugs into a wall. Oliver also covers mobile gaming for iMore, with Apple Arcade a particular focus. He's been gaming since the Atari 2600 days and still struggles to comprehend the fact he can play console quality titles on his pocket computer.