Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition vulnerability that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Acrobat | Adobe | * | 20.001.30005 (including) |
Acrobat_dc | Adobe | * | 17.011.30175 (including) |
Acrobat_dc | Adobe | * | 20.012.20048 (including) |
Acrobat_reader | Adobe | * | 20.001.30005 (including) |
Acrobat_reader_dc | Adobe | * | 17.011.30175 (including) |
Acrobat_reader_dc | Adobe | * | 20.012.20048 (including) |