CVE-2021-40724

7.8 HIGH

📋 TL;DR

A path traversal vulnerability in Adobe Acrobat Reader for Android allows attackers to execute arbitrary code by tricking users into opening malicious PDF files. This affects Android users running Acrobat Reader version 21.8.0 or earlier. Successful exploitation requires user interaction but grants code execution with the victim's permissions.

💻 Affected Systems

Products:
  • Adobe Acrobat Reader for Android
Versions: 21.8.0 and earlier
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: All Android devices with vulnerable Acrobat Reader versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the Android device, allowing data theft, surveillance, ransomware deployment, or installation of persistence mechanisms.

🟠 Likely Case

Limited data exfiltration from the device or installation of secondary malware payloads after the user opens a malicious PDF.

🟢 If Mitigated

No impact if users avoid opening untrusted PDFs or have updated to a patched version.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) but no authentication. No public exploit code was available at disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 21.9.0 and later

Vendor Advisory: https://helpx.adobe.com/security/products/reader-mobile/apsb21-89.html

Restart Required: No

Instructions:

1. Open the Google Play Store on the Android device.
2. Search for Adobe Acrobat Reader.
3. Tap Update if available.
4. Ensure the installed version is 21.9.0 or higher.

🔧 Temporary Workarounds

Disable PDF opening in Acrobat Reader (android)

Set another PDF viewer as the default handler so Acrobat Reader does not open PDF files automatically. This only changes the default: a user can still open a PDF in Acrobat Reader explicitly, so it reduces exposure rather than removing it.

Restrict app permissions (android)

Remove unnecessary permissions from Acrobat Reader (Android Settings > Apps > Adobe Acrobat Reader > Permissions) to limit what a successful exploit can reach.

🧯 If You Can't Patch

  • Block PDF downloads from untrusted sources via email/web filtering
  • Educate users to never open PDFs from unknown senders

🔍 How to Verify

Check if Vulnerable:

Check Acrobat Reader version in Android app settings. If version is 21.8.0 or earlier, device is vulnerable.

Check Version:

No command-line option is available. Check via Android Settings > Apps > Adobe Acrobat Reader > App Info.

Verify Fix Applied:

Confirm Acrobat Reader version is 21.9.0 or higher in app settings.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in Acrobat Reader logs
  • PDF files with unusual paths or names being processed

Network Indicators:

  • PDF downloads from suspicious sources followed by unusual outbound connections

SIEM Query:

source="android_logs" app="com.adobe.reader" (event="file_access" AND path CONTAINS "../")

The source, app, event and path names above are illustrative pseudo-syntax; map them onto the fields your mobile or MDM telemetry actually exports.
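The query above is pseudo-syntax. As an added example (not from the advisory and not Adobe's code), the same detection logic in Python, run over constructed log records; it goes slightly beyond a literal CONTAINS "../" match by also catching percent-encoded and backslash-separated variants. The field names app, event and path are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample records shaped like the SIEM query's fields
# (assumed names; real Android/MDM telemetry will differ).
SAMPLE_EVENTS = [
    {"app": "com.adobe.reader", "event": "file_access", "path": "/sdcard/Download/report.pdf"},
    {"app": "com.adobe.reader", "event": "file_access", "path": "/sdcard/Download/../../data/data/com.adobe.reader/files/x.pdf"},
    {"app": "com.adobe.reader", "event": "file_access", "path": "/sdcard/Download/%2e%2e%2f%2e%2e%2fdata/evil.so"},
    {"app": "com.adobe.reader", "event": "file_access", "path": "/sdcard/Download/..\\..\\data/evil"},
    {"app": "com.android.chrome", "event": "file_access", "path": "/sdcard/Download/../x"},
    {"app": "com.adobe.reader", "event": "network", "path": "/sdcard/Download/../x"},
    {"app": "com.adobe.reader", "event": "file_access", "path": "/sdcard/Download/notes..pdf"},
]

# A ".." that is a whole path segment (start/end of string or bounded by separators).
# "notes..pdf" is not a traversal and must not match.
TRAVERSAL = re.compile(r"(^|[\\/])\.\.($|[\\/])")


def normalize_path(path: str) -> str:
    # Decode percent-encoding twice (handles double-encoded "%252e") and
    # unify Windows-style backslashes so one regex covers both separators.
    decoded = unquote(unquote(path))
    return decoded.replace("\\", "/")


def is_traversal(path: str) -> bool:
    return TRAVERSAL.search(normalize_path(path)) is not None


def find_traversal_events(events, app="com.adobe.reader", event="file_access"):
    # Equivalent of the SIEM filter: restrict to the app and event type, then
    # flag any path containing a traversal segment after normalization.
    hits = []
    for ev in events:
        if ev.get("app") != app or ev.get("event") != event:
            continue
        if is_traversal(ev.get("path", "")):
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for hit in find_traversal_events(SAMPLE_EVENTS):
        print("traversal attempt:", hit["path"])
```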
