The only requirement needed to trigger the vulnerabilities is that Adobe Acrobat Reader DC has been installed. Today, Adobe Acrobat Reader DC for macOS patched three critical vulnerabilities(CVE-2020-9615, CVE-2020-9614, CVE-2020-9613) I reported.
Sun reported the vulnerabilities to Adobe directly, explaining that even with macOS System Integrity Protection enabled, the flaw could have allowed system-level access to an Adobe Acrobat DC user’s Mac. The issue, as highlighted by Gizmodo, could have allowed root access to a Mac without being detected. Adobe has pushed a critical update to Adobe Acrobat for macOS today, fixing a trio of vulnerabilities reported by Tencent Security Xuanwu Lab researcher Yuebin Sun.
