Opening malicious PDF in Android version of Adobe reader allows attacker to access files

Sponsored Links

The android version of Adobe PDF Reader contains a security bug that could allow an attacker to compromise documents stored in reader and other files stored on the android's SD card.

Security researcher says the problem is there because the Adobe reader exposes few insecure javascript interfaces.  These javascript interfaces allows an attacker to run malicious javascript code inside Adobe reader.

"An attacker can create a specially crafted PDF file containing Javascript that runs when the target user views (or interacts with) this PDF file" security researcher Yorick Koster from Security said.

Researcher has successfully verified the existence of vulnerability in the version 11.1.3 of the adobe reader for Android. The bug has been fixed in the latest version 11.2.0.

He also have released a poc code that will create '.txt' file, when an user open the specially crafted .pdf on vulnerable version of reader.
Category: / /

Share this with Your friends: