You can download the latest version of Reader Mobile from Softpedia

Apr 16, 2014 11:51 GMT  ·  By

On Monday, Adobe released an update for Adobe Reader for Android to address a vulnerability that could be exploited to remotely execute arbitrary code on impacted smartphones. 

The vulnerability has been assigned the following CVE identifier: CVE-2014-0514. The security hole affects Adobe Reader Mobile 11.1.3 and earlier versions for Android.

The issue was identified by security researchers from Securify.

“This issue can be exploited by opening a malicious PDF in Adobe Reader. Exploiting this issue allows for the execution of arbitrary Java code, which can result in a compromise of the documents stored in Reader and files stored on SD card,” the company noted in its advisory.

According to experts, there’s a list of exposed JavaScript objects that can be used by an attacker to access public Reflection APIs inherited from Object. These APIs can be misused to execute arbitrary Java code.

Additional technical details and a proof-of-concept that demonstrates the existence of the vulnerability have been published on Securify’s website. It’s uncertain when experts reported the bug to Adobe and how long it took the company to release the fix.

Users are advised to update their Adobe Reader Mobile installations as soon as possible. You can download Adobe Reader for Android 11.2.0 from Softpedia.