On Monday, Adobe released an update for Adobe Reader for Android to address a vulnerability that could be exploited to remotely execute arbitrary code on impacted smartphones.The vulnerability has been assigned the following CVE identifier: CVE-2014-0514. The security hole affects Adobe Reader Mobile 11.1.3 and earlier versions for Android.
The issue was identified by security researchers from Securify.
“This issue can be exploited by opening a malicious PDF in Adobe Reader. Exploiting this issue allows for the execution of arbitrary Java code, which can result in a compromise of the documents stored in Reader and files stored on SD card,” the company noted in its advisory.
Additional technical details and a proof-of-concept that demonstrates the existence of the vulnerability have been published on Securify’s website. It’s uncertain when experts reported the bug to Adobe and how long it took the company to release the fix.
Users are advised to update their Adobe Reader Mobile installations as soon as possible. You can download Adobe Reader for Android 11.2.0 from Softpedia.