Three security flaws in Adobe Acrobat Reader allow root privileges on Mac

A security researcher has discovered a trio of security flaws in Adobe’s Acrobat Reader software that can allow root privilege access. But there’s good news.

Yuebin Sun, a security researcher who works with Tencent, has discovered three security flaws within Adobe’s Acrobat Reader that allow for root privileges on Macs. With that access, an attacker can reach sensitive data on a machine, so it’s important that users of Adobe’s Acrobat Reader update immediately. The silver lining here is that Adobe has already updated Acrobat Reader to address the security flaws.

If you have the software installed on your machine, make sure that you’re running version 2020.009.20063 or later. If you want to run a software update check, open the app and select Help > Check for Update.

Here’s the summary, written up by Sun:

Today, Adobe Acrobat Reader DC for macOS patched three critical vulnerabilities (CVE-2020-9615, CVE-2020-9614, CVE-2020-9613) I reported. The only requirement needed to trigger the vulnerabilities is that Adobe Acrobat Reader DC has been installed. A normal user on macOS (with SIP enabled) can locally exploit this vulnerability chain to elevate privilege to the ROOT without a user being aware. In this blog, I will analyze the details of the vulnerabilities and show how to exploit them.

The full report from the security researcher can be read here.

And you can check out Adobe’s security bulletin on the matter right here.

If you have Adobe’s Acrobat Reader installed, update immediately.