January 19, 2022

Adobe Acrobat for Android

Lookout Coverage and Recommendation for Admins

Admins should ensure that the default vulnerable app policy is enabled on the Protections page of the Lookout console. Any vulnerable version of Adobe Acrobat will be classified as a threat, so all users with a vulnerable version will receive an alert from Lookout on their device, along with guidance on how to update. In addition, admins can denylist any version of Adobe Acrobat for Android before 21.9.0.
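For admins who also want to check a device inventory export against the 21.9.0 threshold, the following is an added example, not Lookout's code. The CSV column names, the sample rows and the build numbers are constructed, and the package name `com.adobe.reader` is an assumption to confirm against your own inventory. It compares version components numerically, because a plain string comparison would wrongly rank 21.10.0 below 21.9.0.

```python
import csv
import io

FIXED_VERSION = (21, 9, 0)    # first patched release named in the advisory
PACKAGE = "com.adobe.reader"  # assumed package name; confirm in your inventory

# Constructed sample export; column names and build numbers are illustrative.
SAMPLE_INVENTORY = """device_id,package,version
dev-001,com.adobe.reader,21.8.0.19312
dev-002,com.adobe.reader,21.9.0.19739
dev-003,com.adobe.reader,21.10.0
dev-004,com.adobe.reader,20.9.1
dev-005,com.adobe.reader,unknown
dev-006,com.example.notes,1.2.3
"""

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if the string is unparseable."""
    parts = text.strip().split(".")
    try:
        nums = [int(p) for p in parts[:3]]  # ignore trailing build numbers
    except ValueError:
        return None
    nums += [0] * (3 - len(nums))           # "21.9" is treated as 21.9.0
    return tuple(nums)

def classify(version_text):
    """Classify one installed version against the fixed release."""
    version = parse_version(version_text)
    if version is None:
        return "review"                     # unknown version: check by hand
    return "vulnerable" if version < FIXED_VERSION else "patched"

def audit(csv_text):
    """Map device_id -> status for every row that reports the Acrobat package."""
    results = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["package"] == PACKAGE:
            results[row["device_id"]] = classify(row["version"])
    return results

if __name__ == "__main__":
    for device, status in audit(SAMPLE_INVENTORY).items():
        print(device, status)
```

Devices reported as `review` have a version string that could not be parsed and should be checked manually rather than assumed patched.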

Overview

A critical vulnerability has been found in Acrobat Reader for Android that could enable an unauthorized user to execute arbitrary code on the user’s device. The vulnerability, CVE-2021-40724, was given a score of 7.8 by NIST and seems to affect all versions of the app before 21.9.0. The patched version of the app is now available in the Google Play store, and every vulnerable user should update to the latest version of Adobe Reader for Android as soon as possible.

Arbitrary code execution (ACE) is a significant risk to any vulnerable device, the apps on it, and the data it has access to. ACE vulnerabilities enable the attacker to run any command or code they desire on the targeted device. For this vulnerability, NIST notes that “exploitation of this issue requires user interaction in that a victim must open a malicious file.” With that being the case, attackers would most likely deliver the file as a malicious attachment in socially engineered outreach to a target.

Lookout Analysis

Adobe Acrobat is a very popular app in the enterprise setting, which means attackers may focus on creating social engineering campaigns that have a corporate angle. The security research community has noted that threat actors are more frequently sharing malicious files through social engineering on collaboration platforms like Google Drive and Dropbox. With arbitrary code execution, the attacker may use this tactic to exploit the vulnerability and run code that puts corporate data at risk. Other tactics for delivering malicious files include sharing them on social media platforms, professional networking apps, and third-party messengers.

Authors

Lookout

Cloud & Endpoint Security

Lookout is a cybersecurity company that makes it possible for tens of millions of individuals, enterprises and government agencies to be both mobile and secure. Powered by a dataset of virtually all the mobile code in the world -- 40 million apps and counting -- the Lookout Security Cloud can identify connections that would otherwise go unseen and predict and stop mobile attacks before they do harm. The world’s leading mobile network operators, including AT&T, Deutsche Telekom, EE, KDDI, Orange, Sprint, T-Mobile and Telstra, have selected Lookout as their preferred mobile security solution. Lookout is also partnered with such enterprise leaders as AirWatch, Ingram Micro, Microsoft, and MobileIron. Headquartered in San Francisco, Lookout has offices in Amsterdam, Boston, London, Sydney, Tokyo, Toronto and Washington, D.C.

Entry Type
Threat Guidances
Platform(s) Affected
Android
Threat Type
Vulnerability