The Vulnerability “CVE-2014-0514” was discovered by security researcher Yorick Koster of Securify BV and has been explained as,
“An attacker can create a specially crafted PDF file containing Javascript that runs when the target user views (or interacts with) this PDF file. Using anyone of the exposed Javascript the attacker gets access to the public Reflection APIs inherited from Object. These APIs can be abused to run arbitrary Java code.”
Multiple vectors are present in the open by use of which cyber criminals can exploit the vulnerability. for example phishing attack or spam campaign using Facebook or rogue emails can be used to take advantage to exploit the vulnerability. which can result in a compromise of the documents stored in Reader and files stored on SD card from the victim’s device.
Remote code execution vulnerability effects all Adobe Reader Mobile 11.1.3 and earlier version for Android. Adobe has categorized the vulnerability as “critical” and released a updated version “Adobe Reader for Android 11.2.0” which includes the required patch.
Users are being advised to update their Adobe reader for Android devices to the latest version as soon as possible. updated patched version of the Application can be downloaded from here
Adobe Reader for mobile is one of the most popular Application for Android devices. the app allows user to work with Pdf files and has been installed on 100 million to 500 million devices from Google play.
