Adobe has issued an out-of-band security update to patch two critical vulnerabilities in the company’s Acrobat and Reader for both the Windows and macOS operating systems.
Though the San Jose, California-based software company did not give details about the vulnerabilities, it did classify the security flaws as critical since they allow privilege escalation and arbitrary code execution in the context of the current user.
Affected Software Versions and Security Patches
Acrobat and Reader DC 2015 version 2015.006.30461 and earlier, 2017 version 2017.011.30110 and earlier, and Continuous version 2019.010.20064 and earlier for the Windows and macOS operating systems are affected by the vulnerabilities.
Attackers can exploit the flaw by tricking a user into clicking a specially crafted PDF file, which will eventually execute code of their choice with the privileges of the currently logged-in user, allowing attackers to run any malicious software on the victims’ computers without their knowledge.