Adobe Security Bulletin

Security update available for Adobe Acrobat Android | APSB24-50

Bulletin ID

Date Published

Priority

APSB24-50

June 11, 2024

3

Summary

Adobe has released a security update for Adobe Acrobat Android. This update addresses important vulnerabilities. Successful exploitation could lead to security feature bypass.

Affected Versions

Product

Affected Versions

Platform

Acrobat Android

24.4.2.33155 and earlier versions

All Android versions

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version.  

Product

Updated Versions

Platform

Priority Rating

Availability

Acrobat Android

24.5.0.33694

Android

3

Download link
    

Vulnerability Details

Vulnerability Category Vulnerability Impact Severity CVSS base score CVSS vector CVE Number
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Security feature bypass
Important 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
CVE-2024-34129
Improper Authorization (CWE-285)
Security feature bypass
Important 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2024-34130

Acknowledgements

Adobe would like to thank the following researcher for reporting this issue and for working with Adobe to help protect our customers:   

  • Oversecured  --CVE-2024-34129, CVE-2024-34130

NOTE: Adobe has a private, invite-only, bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please fill out this form for next steps.

For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.

Get help faster and easier

New user?