Adobe patches Acrobat Reader security flaw that could allow root access on Mac

Jump to First Reply
AppleInsiderAppleInsider
Posted:
in General Discussion
Adobe has patched a trio of severe vulnerabilities in the Adobe Acrobat PDF reader that could allow an attacking application to gain root access on macOS -- and do it silently.

Credit: Adobe
Credit: Adobe


Utilizing these newly revealed security exploits, a malicious program could elevate privileges to superuser, or root, on macOS. A user or program with root permissions can do just about anything on a Mac device without a user's knowledge.

The flaws were discovered by security researcher Yuebin Sun of Tencent Security. As Sun pointed out in a blog post, the only requirement for exploiting the flaw is that a user has Adobe Acrobat installed.

Adobe has issued a security fix for the three vulnerabilities. The company -- and AppleInsider -- recommends that users update their Acrobat software as soon as possible.

Users can find more information about the flaw and Adobe's response in this security bulletin.

Comments

  • Reply 1 of 12
    sflocalsflocal Posts: 6,161member
    So this is the 3rd-party Acrobat software, and has nothing to do with the built-in PDF reader in MacOS right?

    While I always install it for Windows, I haven’t had to install it for MacOS for like... ever.  The built in PDF functions work perfectly for me!
    bonobobbaconstangols
     3Likes 0Dislikes 0Informatives
  • Reply 2 of 12
    tommy65tommy65 Posts: 56member
    Same here. Preview is just great.
    baconstangols
     2Likes 0Dislikes 0Informatives
  • Reply 3 of 12
    pipserpipser Posts: 20member
    I was wondering to myself while reading the article as to who actually uses Acrobat Reader on a Mac and what the use case would be because Preview does everything I need it to just fine.
    cornchipols
     2Likes 0Dislikes 0Informatives
  • Reply 4 of 12
    knowitallknowitall Posts: 1,648member
    Adobe cannot be trusted.
    Code should never run as root, I do not understand why they do that.
    Installers should use system facilities to get things updated and placed rightly.
    When installing Adobe products users should be warned by the Mac installer that some components run as root.
    Users should discontinue such install then ...
    baconstangols
     2Likes 0Dislikes 0Informatives
  • Reply 5 of 12
    rob53rob53 Posts: 3,352member
    sflocal said:
    So this is the 3rd-party Acrobat software, and has nothing to do with the built-in PDF reader in MacOS right?

    While I always install it for Windows, I haven’t had to install it for MacOS for like... ever.  The built in PDF functions work perfectly for me!
    There are specially written PDF files that require Adobe products to read. It sucks because Preview either can’t open them properly or print them. They use proprietary features that aren’t part of any PDF standard specification. 
    cornchipDAalsethols
     0Likes 0Dislikes 3Informatives
  • Reply 6 of 12
    cornchipcornchip Posts: 1,954member
    rob53 said:
    sflocal said:
    So this is the 3rd-party Acrobat software, and has nothing to do with the built-in PDF reader in MacOS right?

    While I always install it for Windows, I haven’t had to install it for MacOS for like... ever.  The built in PDF functions work perfectly for me!
    There are specially written PDF files that require Adobe products to read. It sucks because Preview either can’t open them properly or print them. They use proprietary features that aren’t part of any PDF standard specification. 
    Editable forms are also a disaster in preview. Sometimes they work OK, lots of times they get all jacked up. 
     0Likes 0Dislikes 0Informatives
  • Reply 7 of 12
    rob53rob53 Posts: 3,352member
    cornchip said:
    rob53 said:
    sflocal said:
    So this is the 3rd-party Acrobat software, and has nothing to do with the built-in PDF reader in MacOS right?

    While I always install it for Windows, I haven’t had to install it for MacOS for like... ever.  The built in PDF functions work perfectly for me!
    There are specially written PDF files that require Adobe products to read. It sucks because Preview either can’t open them properly or print them. They use proprietary features that aren’t part of any PDF standard specification. 
    Editable forms are also a disaster in preview. Sometimes they work OK, lots of times they get all jacked up. 
    It would be nice if Preview could handle forms a lot better. Even better if it could create forms like Adobe products do. 
     0Likes 0Dislikes 0Informatives
  • Reply 8 of 12
    DAalsethdaalseth Posts: 3,276member
    I do a lot of graphics and art. People I know ask why I don’t use Photoshop, Illustrator, or any of the rest of the CreativeCloud. Even if it weren’t rental software, I’ve learned over the years to never, never, never trust Adobe products. They have about as much concern and expertise for security as your average three year old. 
    baconstangknowitallols
     3Likes 0Dislikes 0Informatives
  • Reply 9 of 12
    MplsPmplsp Posts: 4,107member
    I guess now that Flash is dead Adobe needs to find another avenue for its security flaws
    Rayz2016knowitallols
     3Likes 0Dislikes 0Informatives
  • Reply 10 of 12
    lightvox88lightvox88 Posts: 29member
    Does this affect Adobe Acrobat X?
     0Likes 0Dislikes 0Informatives
  • Reply 11 of 12
    fastasleepfastasleep Posts: 6,480member
    Does this affect Adobe Acrobat X?
    Adobe Acrobat Reader DC
     0Likes 0Dislikes 0Informatives
  • Reply 12 of 12
    Rayz2016rayz2016 Posts: 6,957member
    So why does an installer need root access to load a document reader?

    ols
     1Like 0Dislikes 0Informatives
Sign In or Register to comment.