CVE-2020-24429
Acrobat Reader DC for macOS Signature Verification Bypass Could Lead to Privilege Escalation
In short
Acrobat Reader DC on macOS has a flaw where it doesn't properly verify digital signatures in PDF files, allowing an attacker to trick the application into trusting a malicious document. This could let an attacker gain higher privileges on the system if a user opens a specially crafted PDF.
Technical detail
A signature verification bypass in Acrobat Reader DC for macOS (versions 2020.012.20048 and earlier, 2020.001.30005 and earlier, and 2017.011.30175 and earlier) allows local privilege escalation when a user opens a malicious PDF file. The vulnerability stems from improper validation of digital signatures, enabling an attacker to execute code with elevated privileges.
Summary generated and translated by AI from the official description.
Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products
Adobe · Acrobat Reader