place Google AdSense code here
The Adobe PDF Reader - android version contains a security bug that could allow an attacker to compromise documents stored in reader and other files stored on the android's memory card.
According to a security researcher the problem is because of few insecure Javascript interfaces. These Javascript interfaces allow an attacker to run malicious Javascript code inside Adobe reader.
"An attacker can create a specially crafted PDF file containing Javascript that runs when the target user views (or interacts with) this PDF file" security researcher Yorick Koster said.
Researcher has successfully verified the existence of vulnerability in the version 11.1.3 of the adobe reader for Android. The bug has been fixed in the latest version 11.2.0.
He also have released a poc code that will create '.txt' file, when an user open the specially crafted .pdf on vulnerable version of reader. And that makes bug easily to be worked for the hacker.
Adobe needs to take serious notice on such stupid bugs which are harming users data and also creating user a lack of trust to ADOBE.
0 comments: Post Yours! Read Comment Policy ▼
PLEASE NOTE:
We have Zero Tolerance to Spam. Chessy Comments and Comments with Links will be deleted immediately upon our review.
Post a Comment