Now’s the time to update your copy of Adobe Acrobat Reader DC.
Adobe on Thursday announced that the company had patched three serious vulnerabilities within Acrobat Reader DC that allowed for malicious programs to gain access to root privileges.
According to security researcher Yuebin Sin, it doesn’t appear as if the vulnerabilities had yet been exploited in the wild.
Root access means that a program can do virtually anything it wants on macOS, like reading/writing files and databases. The part of Acrobat Reader that runs as root is com.adobe.ARMDC.SMJobBlessHelper within /Library/PrivilegedHelperTools/. This process is responsible for updating the software. It also hosts an XPC service called SMJobBlessHelper(com.adobe.ARMDC.SMJobBlessHelper).
The vulnerabilities are as follows:
- Vulnerability 1: Bad checking of NSXPC connection client.
- Vulnerability 2: Temp directory root protection can by bypassed.
- Vulnerability 3: ValidateBinary and launchARMHammer has a race condition window.
To patch your copy of Adobe Reader DC, open the app, click Help, then click Check for Update. This will download the new version and install the security patches.
Full details can be found on the blog post, but these flaws allowed for an attacker to arbitrarily execute code, and potentially install programs, view/change/delete data, or create new accounts on your Mac with full user privileges.
Via The Mac Observer and Yuebin Sin’s Blog