What you need to know
- Adobe doesn't have a great history in terms of security.
- Its Acrobat Reader app has a flaw that could allow an attacker to gain root access to a Mac.
- It's already been fixed and an update is available, though.
Adobe and security flaws go together like... two things that really go well together. The company's Acrobat Reader is the latest to fall foul of security researchers with Tencent's Yuebin Sun today disclosing three new vulnerabilities that could give someone root access to a Mac. That would then allow them to access all of their data, too. MacRumors first spotted the disclosure.
Today, Adobe Acrobat Reader DC for macOS patched three critical vulnerabilities(CVE-2020-9615, CVE-2020-9614, CVE-2020-9613) I reported. The only requirement needed to trigger the vulnerabilities is that Adobe Acrobat Reader DC has been installed. A normal user on macOS(with SIP enabled) can locally exploit this vulnerabilities chain to elevate privilege to the ROOT without a user being aware
Thankfully, Adobe already knows about the problem and has issued a patch under version number 2020.009.20063. Adobe Acrobat users should probably go about updating to that version sooner rather than later.
Or, you know. Just get rid of it altogether.
We may earn a commission for purchases using our links. Learn more.