If you're one of the 400 million Android users out there who have installed Adobe Reader app that helps you to view PDF documents on mobile devices, then you should immediately update your app from Google Play Store.
Adobe has released an updated Adobe Reader 11.2.0 version to addresses an important vulnerability that could be exploited to gain 'remote code execution' ability on the affected system.
According to the Adobe advisory, vulnerability (CVE-2014-0514) resides in the implementation of JavaScript APIs on Adobe Reader 11.2 that could be exploited to execute arbitrary code within Adobe Reader.
Adobe vulnerability discovered by security researcher Yorick Koster of Securify BV, claimed that an attacker can create a specially crafted PDF file containing malicious JavaScript code that triggers when the victim will try to open it using affected Adobe Reader for Android Operating System.
Multiple attack vectors are available to deploy a malicious PDF, i.e. Cyber criminals can use phishing attacks or Facebook Spam to take advantage of such vulnerabilities.
Successful exploitation could allow a malicious attacker to access your important files stored on the Device SD card. Researchers also published a crafted PDF file as Proof of concept, to demonstrate the vulnerability.
Users are advised to update their Adobe Reader for Android as soon as possible. Stay Safe!
