Foxit Software program has issued crucial safety updates for its broadly used PDF options, Foxit PDF Reader and Foxit PDF Editor.
The updates—Foxit PDF Reader 2024.4 and Foxit PDF Editor 2024.4/13.1.5—had been launched on December 17, 2024, to counter vulnerabilities that might depart customers uncovered to distant code execution (RCE) assaults.
Particulars of the Vulnerabilities
The safety flaws addressed on this replace embody Use-After-Free vulnerabilities within the dealing with of sure parts, similar to AcroForms, checkbox objects, and 3D web page objects.
Exploiting these flaws may enable an attacker to execute arbitrary code remotely on a sufferer’s system. These vulnerabilities are tracked below the next identifiers:
Examine Actual-World Malicious Hyperlinks, Malware & Phishing Assaults With ANY.RUN – Attempt for Free
The issues had been reported by Mat Powell of Pattern Micro Zero Day Initiative (ZDI) and KPC of Cisco Talos, each of whom disclosed that the problems stem from improper reminiscence validation, similar to the usage of wild or null pointers.
Exploitation may end in utility crashes or, within the worst-case situation, allow malicious actors to take management of affected programs.
The vulnerabilities particularly impression Foxit PDF Reader and Editor software program operating on Home windows working programs.
No studies have but confirmed lively exploitation of those vulnerabilities within the wild, however as a result of crucial nature of those flaws, customers are strongly inspired to replace instantly.
Foxit strongly advises all customers of its PDF Reader and Editor software program to improve to the newest model to mitigate these vulnerabilities.
To replace the software program, customers operating Model 2023.1 or increased ought to open Foxit PDF Reader or Foxit PDF Editor, navigate to the “Assist” menu, and choose “About Foxit PDF Reader” or “About Foxit PDF Editor.”
From there, they’ll click on on “Verify for Replace” to put in the newest model. For these utilizing Model 13 of Foxit PDF Editor, the method is comparable.
Open the appliance, go to the “Assist” menu, choose “About Foxit PDF Editor,” and click on on “Verify for Replace.”Alternatively, customers can obtain the up to date model instantly from Foxit’s official web site to make sure they’re operating probably the most safe and secure launch of the software program.
Alternatively, customers can obtain the up to date variations instantly from Foxit’s official web site.
Given the potential for attackers to use these vulnerabilities and execute distant code, it’s crucial for customers to replace their Foxit purposes instantly. Holding software program present is among the only measures to safeguard towards cyber threats.
2024 MITRE ATT&CK Analysis Outcomes for SMEs & MSPs -> Obtain Free Information