18 Vulnerabilities Found in Foxit PDF Reader
“Foxit PDF Reader is one of the most popular free tools for viewing, commenting on and editing PDF documents. Due to the popularity of the PDF file format, users gravitate towards free readers and editors as alternatives to products like Adobe Acrobat,” said Timur Kovalev, chief technology officer at Untangle.
“These are critical vulnerabilities that could lead to code execution – meaning a hacker could create a malicious PDF that, when opened, could install malware on the device. Since Foxit PDF also offers a browser plugin, users could unknowingly activate the vulnerability by viewing the document in a web browser,” Kovalev said.
Nikolic also listed Snort rules that can currently be used to detect exploitation attempts, though he noted that the current rules are subject to change. In addition, a patch is available for the 18 vulnerabilities disclosed.
“It is critical for any person or business using the Foxit products to immediately upgrade to the newest version to ensure the vulnerabilities are patched. Browser plugins have led to hackers exploiting weaknesses in the past, so it is important users understand the risk of enabling plugins,” Kovalev added.
“Always check the credentials of the software publisher, and ensure that unnecessary plugins are uninstalled. Hackers are always looking for the weakness in a product, network or device, so ensuring your systems are up to date and businesses are proactively protecting their employees and networks from the latest threats are crucial steps to stay one step ahead.”
Source: Information Security Magazine