Mike Peterson
Adobe has patched a trio of severe vulnerabilities in the Adobe Acrobat PDF reader that could allow an attacking application to gain root access on macOS — and do it silently.
Utilizing these newly revealed security exploits, a malicious program could elevate privileges to superuser, or root, on macOS. A user or program with root permissions can do just about anything on a Mac device without a user's knowledge.
The flaws were discovered by security researcher Yuebin Sun of Tencent Security. As Sun pointed out in a blog post, the only requirement for exploiting the flaw is that a user has Adobe Acrobat installed.
Adobe has issued a security fix for the three vulnerabilities. The company — and AppleInsider — recommends that users update their Acrobat software as soon as possible.
Users can find more information about the flaw and Adobe's response in this security bulletin.
Sponsored Content
William Gallagher
Malcolm Owen
Andrew Orr
Wesley Hilliard
Christine McKee
12 Comments
So this is the 3rd-party Acrobat software, and has nothing to do with the built-in PDF reader in MacOS right?
While I always install it for Windows, I haven’t had to install it for MacOS for like... ever. The built in PDF functions work perfectly for me!
Same here. Preview is just great.
I was wondering to myself while reading the article as to who actually uses Acrobat Reader on a Mac and what the use case would be because Preview does everything I need it to just fine.
Adobe cannot be trusted.
Code should never run as root, I do not understand why they do that.
Installers should use system facilities to get things updated and placed rightly.
When installing Adobe products users should be warned by the Mac installer that some components run as root.
Users should discontinue such install then ...