Users of the PDF reader Foxit must upgrade their software to Reader 9.3 and Foxit PhantomPDF 9.3 to correct over 100 flaws
Foxit Software has released patches that correct more than 100 vulnerabilities in its popular PDF reader, Foxit PDF. Many of the flaws the company addresses are remote code execution vulnerabilities considered high-severity, as reported by experts in digital forensics.
Last Friday Foxit released Foxit Reader 9.3 and Foxit PhantomPDF 9.3, which patch 124 vulnerabilities. Some of the addressed flaws overlap, so the number of exploitable vulnerabilities is actually lower. Versions 18.104.22.16897 and earlier of Foxit Reader and Foxit PhantomPDF for Windows are affected.
Out of the recently revealed flaws, seven are vulnerabilities that allow remote code execution.
“A specially designed PDF document is sent to the victim to activate a previously released object in memory that will be reused, which activates arbitrary code execution”, the specialists mentioned. “It should be noted that although all previous flaws occur at the same location, the execution methods are different, so separate codenames have been assigned for each vulnerability”, the analysis mentions.
These have been difficult days for PDF readers. Digital forensics specialists from the International Institute of Cyber Security report that Adobe has also released patches for its products for reading, creating and managing PDF files. On Monday the company released up to 47 patches targeting critical vulnerabilities that allow arbitrary code execution, including 22 out-of-bounds write flaws, seven critical overflow vulnerabilities, seven use-after-free errors, three type confusion errors, three buffer flaws, three untrusted pointer dereference flaws, and a double free vulnerability.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held cyber security researcher positions within a variety of cyber security start-ups. She also has experience in different industry domains like finance, healthcare and consumer products.