Adobe Acrobat users should probably go about updating to that version sooner rather than later. Thankfully, Adobe already knows about the problem and has issued a patch under version number 2020.009.20063. A normal user on macOS(with SIP enabled) can locally exploit this vulnerabilities chain to elevate privilege to the ROOT without a user being aware The only requirement needed to trigger the vulnerabilities is that Adobe Acrobat Reader DC has been installed. These include plug-ins for Adobe Acrobat and Reader, and standalone viewers for. Today, Adobe Acrobat Reader DC for macOS patched three critical vulnerabilities(CVE-2020-9615, CVE-2020-9614, CVE-2020-9613) I reported.
That would then allow them to access all of their data, too.
The company's Acrobat Reader is the latest to fall foul of security researchers with Tencent's Yuebin Sun today disclosing three new vulnerabilities that could give someone root access to a Mac. Adobe and security flaws go together like.
