Adobe releases new version of Acrobat for macOS to patch critical security vulnerabilities

Adobe has pushed a critical update to Adobe Acrobat for macOS today, fixing a trio of vulnerabilities reported by Tencent Security Xuanwu Lab researcher Yuebin Sun. The issue, as highlighted by Gizmodo, could have allowed root access to a Mac without being detected.

Sun reported the vulnerabilities to Adobe directly, explaining that even with macOS System Integrity Protection enabled, the flaw could have allowed system-level access to an Adobe Acrobat DC user’s Mac.

“Today, Adobe Acrobat Reader DC for macOS patched three critical vulnerabilities (CVE-2020-9615, CVE-2020-9614, CVE-2020-9613) I reported. The only requirement needed to trigger the vulnerabilities is that Adobe Acrobat Reader DC has been installed. A normal user on macOS (with SIP enabled) can locally exploit this vulnerability chain to elevate privilege to the ROOT without a user being aware.”

As Gizmodo points out, the one important thing to note is that the hacker would need physical access to your Mac to take advantage of this vulnerability.

In addition to patching these vulnerabilities, today’s update to Acrobat DC on Mac also adds Protected Mode to further address security concerns. “The Protected Mode (sandbox) is a core architecture change and covers all the features and workflows in Acrobat. By default, the Protected Mode is turned off,” Adobe explains.

How to enable Protected Mode:

  1. On the menu, go to Edit > Preferences.
  2. From the Categories, click Security (Enhanced), and then select Enable Protected Mode at Startup (Preview).
  3. Quit Acrobat and relaunch.

Other changes in today’s update to Adobe Acrobat DC include a new streamlined Fill & Sign experience, a new Sign menu, and more.

For the full technical details of these vulnerabilities, you can read Sun’s full breakdown here. The details on the Adobe Acrobat DC update can be found here. To update your version of Adobe Acrobat, open the app on your Mac and go to Help then Check for Updates.

Author: Chance Miller