Adobe patched three serious vulnerabilities in Acrobat Reader DC for macOS today. Update as soon as possible, because the flaws let malicious programs get root privileges. Security researcher Yuebin Sin wrote about the flaws, and it doesn’t appear that any of them has been exploited in the wild.
Open the app and click Help > Check for Update in the menu bar. This will install the security patches.
Acrobat Reader Flaws
Root access means that a program can do virtually anything it wants on macOS, like reading/writing files and databases. The part of Acrobat Reader that runs as root is com.adobe.ARMDC.SMJobBlessHelper within /Library/PrivilegedHelperTools/. This process is responsible for updating the software. It also hosts an XPC service called SMJobBlessHelper (com.adobe.ARMDC.SMJobBlessHelper).
- Vulnerability 1: Bad checking of NSXPC connection client.
- Vulnerability 2: Temp directory root protection can be bypassed.
- Vulnerability 3: ValidateBinary and launchARMHammer have a race condition window.
Further details can be found in the blog post, but essentially these flaws can give an attacker arbitrary code execution, meaning an attacker can install programs, view/change/delete data, or create new accounts on your Mac with full user privileges.