Is Adobe Reader Mobile SDK (RMSDK) affected by the “heartbleed” bug?

Is Adobe Reader Mobile SDK (RMSDK) affected by the “heartbleed” bug?

You may have read about the “heartbleed bug” that is in the tech news recently. Before we get into a little bit of the details here, we want to let our ebook customers know that this should not have a major impact on your EPUB/PDF e-readers built with the Adobe Reader Mobile SDK (RMSDK) technology if you have followed the instructions to build your apps. If you happen to be using the affected versions of the OpenSSL framework to build your reader app, rebuilding with the recommended version of OpenSSL libraries should plug the security hole.

According to, the problem was discovered this week:

“A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.

Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
1.0.1f and 1.0.2-beta1.”

You can read about this online at: and

Datalogics build instructions for Adobe Reader Mobile SDK on various platforms recommend the use of version 1.0.0a; therefore if you are following the instructions, your software should not be affected by this issue. We recommend that you check the versions of OpenSSL you are using to make sure that you are not using the affected versions.

If you have any questions regarding this issue or other Adobe Reader Mobile SDK related issues and questions, do not hesitate to contact us at

2 thoughts on “Is Adobe Reader Mobile SDK (RMSDK) affected by the “heartbleed” bug?

  1. The CVE-2014-0160 does show two files associated with Adobe Reader XI 11.0.6 as Heartbeat vulnerable, specifically AcroRd32.ll and NPSWF32.dll.

    1. I believe that you are referring to Adobe Reader which is not related with the RMSDK which is what this blog post is about. I can only suggest to check the updates for Adobe Reader to see if there are any patches to the modules that you are concerned with.

Leave a Reply

Your email address will not be published.