The recently released Foxit Reader 9.3 includes fixes for over a hundred security vulnerabilities, including some that could result in remote code execution. Developed by California-based Foxit Software, Foxit Reader is a freemium multilingual tool that lets users create, view, edit, digitally sign, and print Portable Document Format (PDF) files. According to Foxit, the reader has hundreds of millions of users.

Foxit says in an advisory that the latest version of the reader fixes a wide range of flaws, including use-after-free, out-of-bounds, information disclosure, type confusion, and memory corruption flaws, the most severe of which could result in remote code execution.

Foxit states that the security flaws could be exploited when parsing strings, when executing certain JavaScript, due to the use of objects which have been deleted or closed, when handling certain properties of annotation objects, or when opening or processing malicious PDF documents.

Eighteen of the security flaws were reported by security researchers with Cisco Talos, all of which could be exploited for either remote or arbitrary code execution. The vulnerabilities affect the Reader's JavaScript engine and can be exploited with a specially crafted, malicious PDF opened either in the application itself or in a web browser, if the browser plugin is enabled.

Most of the remaining security flaws addressed with this update were discovered by security researchers working with Trend Micro's Zero Day Initiative. The vulnerabilities are said to affect Foxit Reader and Foxit PhantomPDF version 9.2.0.9297 and earlier, and have been addressed with the release of Foxit PhantomPDF 9.3 and Foxit Reader 9.3.

The news came just a few days before Adobe announced dozens of fixes for its own PDF tools. The firm announced the availability of Acrobat DC and Acrobat Reader DC (Continuous) 2019.008.20071, Acrobat 2017 and Reader DC 2017 (Classic 2017) 2017.011.30105, and Acrobat DC and Reader DC (Classic 2015) 2015.006.30456, which address a total of eighty-six security flaws.
