Adobe Acrobat DC for MacOS flaw allows local users to gain root access

On Tuesday, May 12, 2020, Adobe released updates for Adobe Acrobat and Reader [1] for both Windows and MacOS. On MacOS with Adobe Reader DC installed, successful exploitation would allow a normal user to elevate privileges to root silently [2].

Systems managed by ISC's IBM Endpoint Manager ("BigFix") can expect to be patched for this vulnerability shortly. System administrators using other endpoint management solutions are strongly encouraged to push this patch to their deployments.

For users in unmanaged environments, ISC recommends updating software installations to the latest versions by following the instructions below.

The latest product versions are available to end-users via one of the following methods:

• Users can update their product installations manually by choosing Help > Check for Updates.

• By default, the products will update automatically, without requiring user intervention, when updates are detected.

• The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center [3].

References:

[1] https://helpx.adobe.com/security/products/acrobat/apsb20-24.html

[2] https://rekken.github.io/2020/05/14/Security-Flaws-in-Adobe-Acrobat-Reader-Allow-Malicious-Program-to-Gain-Root-on-macOS-Silently/

[3] http://get.adobe.com/reader