Adobe Reader and Acrobat vulnerable to attack — what to do now

If you use Adobe Acrobat Reader to read PDFs, or Adobe Acrobat to create them, then it's time to update. Adobe yesterday (Nov. 3) released new versions of both, for Mac and PC alike, to fix several severe security flaws.

There are 14 vulnerabilities in all, Adobe wrote in its security bulletin, ranging in severity from "Critical" to "Important." The three in the former category all permit arbitrary code execution — i.e. a rogue PDF can use the flaws to hack your PC or Mac. 

Other flaws permit information disclosure (access to private data such as passwords) and local privilege escalation (the PDF gets administrative powers on the machine). 

The affected programs are the Mac and Windows versions of Acrobat DC, Acrobat 2020, Acrobat 2017, Acrobat Reader DC, Acrobat Reader 2020 and Acrobat Reader 2017. ("DC" stands for "Document Cloud"; it's the 2015 version but gets new features the others don't.)

How to update Adobe Acrobat or Acrobat Reader

To manually update any one of these programs, open the program, click Help in the upper left corner and scroll to and select Check for Updates. An updater window will pop open, check for updates and prompt you to download and install whatever is available. You'll have to close your Reader program while the updater works.

You can also just leave the program open and it should eventually notice that an update is ready for download and installation. Or you can start all over again with a new copy of Reader DC from https://get2.adobe.com/reader/. (Just be sure to uncheck the unwanted-program options before you start the download.)

The vulnerable version numbers are 2020.012.20048 and earlier for Acrobat and Reader DC; 2020.001.30005 and earlier for Acrobat and Reader 2020; and 2017.011.30175 and earlier for Acrobat and Reader 2017.

We ran the update for Acrobat Reader DC for Windows and ended up with version 20.012.20064.
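For anyone checking more than one machine, the thresholds above can be turned into a small version check. This is an added example, not code from Adobe or from this article; the track labels, function names and sample inventory are made up for illustration, and it assumes a two-digit leading field such as "20.012.20064" is the same release written without the century.

```python
# Added example: flag Acrobat/Reader installs still at or below the
# last vulnerable build listed in the article.

# Last vulnerable build per product track, taken from the article text.
LAST_VULNERABLE = {
    "DC": "2020.012.20048",
    "2020": "2020.001.30005",
    "2017": "2017.011.30175",
}


def parse_version(text):
    """Turn 'YYYY.MMM.BBBBB' (or 'YY.MMM.BBBBB') into a comparable tuple."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    year, minor, build = (int(p) for p in parts)
    # Assumption: a two-digit leading field (as in '20.012.20064') is the
    # same release year written without the century.
    if year < 100:
        year += 2000
    return (year, minor, build)


def is_vulnerable(track, installed):
    """True if `installed` is at or below the last vulnerable build for `track`."""
    if track not in LAST_VULNERABLE:
        raise ValueError(f"unknown track: {track!r}")
    return parse_version(installed) <= parse_version(LAST_VULNERABLE[track])


def audit(inventory):
    """Return the hosts from (host, track, version) rows that need the update."""
    return [host for host, track, version in inventory
            if is_vulnerable(track, version)]


# Constructed sample inventory: hostnames are made up, and only the first
# two version strings are quoted from the article.
SAMPLE_INVENTORY = [
    ("ws-01", "DC", "2020.012.20048"),    # last vulnerable DC build
    ("ws-02", "DC", "20.012.20064"),      # build the article reports after updating
    ("ws-03", "2017", "2017.011.30150"),  # constructed: below the 2017 threshold
    ("ws-04", "2020", "2020.001.30010"),  # constructed: above the 2020 threshold
]

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```

The comparison is "at or below" because the article gives the last vulnerable build for each track, not the first fixed one.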

To be honest, you don't need the free Adobe Acrobat Reader to view PDFs. Any modern desktop web browser will do. 

Nor do you need the paid Adobe Acrobat to create or edit PDFs. Because Adobe released the Portable Document Format to the public domain in 2008, the format is now an open standard. We've got a list of the best PDF editors as well as the best free PDF editors.

Paul Wagenseil
