CVE-2021-40724

Name of the Vulnerable Software and Affected Versions Acrobat Reader for Android versions 21.8.0 and earlier

Description The issue is a Path traversal vulnerability that allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. Exploitation requires user interaction, where a victim must open a malicious file. The vulnerability can be leveraged through a series of steps, including loading a website with an exploit, triggering an exported component from the Acrobat Reader app, downloading a payload native library, and exploiting the DIR traversal vulnerability.

Recommendations For Acrobat Reader for Android versions 21.8.0 and earlier, update to a version later than 21.8.0 to resolve the issue. As a temporary workaround, consider avoiding opening files from untrusted sources until a patch is available. Restrict access to the app's internal storage to minimize the risk of exploitation. Avoid using the app to open potentially malicious files until the issue is resolved.