Adobe Reader for Android 11 Updated to Fix Remote Code Execution Vulnerability

You can download the latest version of Reader Mobile from Softpedia

April 16th, 2014 11:51 GMT

On Monday, Adobe released an update for Adobe Reader for Android to address a vulnerability that could be exploited to remotely execute arbitrary code on impacted smartphones. 

The vulnerability has been assigned the following CVE identifier: CVE-2014-0514. The security hole affects Adobe Reader Mobile 11.1.3 and earlier versions for Android.

The issue was identified by security researchers from Securify.

“This issue can be exploited by opening a malicious PDF in Adobe Reader. Exploiting this issue allows for the execution of arbitrary Java code, which can result in a compromise of the documents stored in Reader and files stored on SD card,” the company noted in its advisory.

According to the experts, the app exposes a list of JavaScript objects that an attacker can use to reach the public Reflection APIs inherited from Object. These APIs can be misused to execute arbitrary Java code.

Additional technical details and a proof-of-concept that demonstrates the existence of the vulnerability have been published on Securify’s website. It’s uncertain when experts reported the bug to Adobe and how long it took the company to release the fix.

Users are advised to update their Adobe Reader Mobile installations as soon as possible. You can download Adobe Reader for Android 11.2.0 from Softpedia.
