Adobe fixed 16 critical flaws across its Acrobat and Reader applications and a software development kit that, if exploited, could let someone take complete control over another user’s Mac without them knowing it.
The only requirement for exploiting the flaw is that a user has Adobe Acrobat installed.
Tuesday’s update fixed 36 known vulnerabilities. Those include 24 critical and important flaws in Adobe’s Acrobat and Reader applications, used for creating and managing PDF files, as well as 12 in the Adobe DNG Software Development Kit, which manages raw digital image files.
Security researcher Yuebin Sun of Tencent Security discovered the flaws and made them public in a blog post. It remains unknown exactly when Sun alerted Adobe to the security flaws.
The concern
Adobe said it is “not aware of any exploits in the wild for any of the issues addressed in these updates.” However, the concern is that the vulnerabilities could allow an attacker to use arbitrary code to gain access to someone’s Mac without their knowledge.
You can read the in-depth details in a security bulletin about the Acrobat vulnerabilities and a second one regarding the Software Development Kit security problems.
How to fix Adobe Acrobat and Reader vulnerabilities
The most important thing is for Acrobat users to patch their software immediately. While the patch is for those running version 2020.009.20063 or later, Adobe advises all users to open the app, choose Help, and select Check for Updates.