You may have read about the “heartbleed bug” that is in the tech news recently. Before we get into a little bit of the details here, we want to let our ebook customers know that this should not have a major impact on your EPUB/PDF e-readers built with the Adobe Reader Mobile SDK (RMSDK) technology if you have followed the instructions to build your apps. If you happen to be using the affected versions of the OpenSSL framework to build your reader app, rebuilding with the recommended version of OpenSSL libraries should plug the security hole.
According to OpenSSL.org, the problem was discovered this week:
“A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.
Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
1.0.1f and 1.0.2-beta1.”
Datalogics build instructions for Adobe Reader Mobile SDK on various platforms recommend the use of version 1.0.0a; therefore if you are following the instructions, your software should not be affected by this issue. We recommend that you check the versions of OpenSSL you are using to make sure that you are not using the affected versions.
If you have any questions regarding this issue or other Adobe Reader Mobile SDK related issues and questions, do not hesitate to contact us at firstname.lastname@example.org.