A critical security vulnerability has been found in Adobe Reader Mobile, the version of the popular PDF Reader developed for the Android operating system, which could lead to remote hackers compromising documents stored on your Android device and its SD memory card.
If you were feeling smug that you had managed to avoid the Heartbleed flaw affecting up to 50 million Android users because you’re not running Android 4.1.1 of Jellybean, then perhaps you should wipe that smile off your face.
Because there’s every possibility that you’re running a vulnerable version of Adobe Reader on your Android, which is carrying by a critical (if not Heartbleed-related) security hole.
In fact, it is believed that the Android version of Adobe Reader is used on between “100 million to 500 million” devices around the world – meaning that could be a fair number of affected users.
Koster released proof-of-concept code demonstrating how the flaw could be abused by attackers, and informed Adobe of the problem.
To fix the flaw, Adobe has released version 11.2.0 of its Reader software for Android smartphones and tablets, which is available from the official Google Play store.
Version 11.2.0 of Adobe’s Reader software for Android described the update as providing “Improved Security”:
Obviously, as with Adobe software for your PC or Apple Mac, the only safe course of action is to download your Adobe updates from official outlets. It’s all too common to see cybercriminals attempt to spread their malware attacks by disguising them as security updates from the likes of Adobe.
Take care online, and ensure that all your computing devices are kept up-to-date with security patches – whether they be on your desktop, your laptop, or in your pocket.
This article originally appeared on the Lumension blog.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.