Sunday, December 1, 2024

Foxit PDF Reader Vulnerability Lets Attackers Execute Arbitrary Code


Researchers recently disclosed six new security vulnerabilities across several software products, one of them a critical vulnerability in Foxit PDF Reader, a widely used alternative to Adobe Acrobat.

Because it is a memory corruption vulnerability, attackers could use it to execute arbitrary code on the targeted machine.

In addition, three vulnerabilities were discovered in Veertu's Anka Build, a software suite used for testing macOS and iOS applications in CI/CD environments, which could compromise the security of the testing environment.


Foxit PDF Reader contains a critical use-after-free vulnerability that malicious actors could exploit to execute arbitrary code on a targeted system.

The vulnerability can be exploited if a user opens a specially crafted PDF file, or visits a malicious website while the Foxit PDF Reader browser extension is enabled.


By manipulating the JavaScript content of the PDF, attackers can trigger the vulnerability to corrupt memory and take control of the affected machine.

In the G Structured File Library (libgsf), part of the GNOME project, two critical vulnerabilities were discovered that could lead to remote code execution.

These vulnerabilities, TALOS-2024-2068 (CVE-2024-36474) and TALOS-2024-2069 (CVE-2024-42415), arise from integer overflows during array index manipulation and sector allocation table processing, respectively.

To exploit them, an attacker would entice a user into opening a maliciously crafted file, which could allow the attacker to gain unauthorized access to the system.
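To make the two libgsf bug classes concrete, here is an added illustration that is not libgsf's code: a minimal model of the Structured Storage (OLE2) layout that libgsf parses, in which sector N starts at byte (N + 1) * sector_size and a sector allocation table (SAT) maps each sector index to the next sector in its chain. The unchecked offset calculation shows how 32-bit arithmetic on an attacker-chosen sector index wraps, and the hardened functions beside it show the overflow and bounds checks a parser needs. The sector size, sentinel values and sample images are constructed for the demo.

```c
/*
 * Added illustration, not libgsf's code: an integer overflow in sector
 * offset arithmetic and an unchecked index into the sector allocation
 * table, on a minimal model of the Structured Storage (OLE2) layout.
 * Sector N starts at byte (N + 1) * sector_size; the SAT maps each sector
 * index to the next sector in its chain. All sizes, sentinel values and
 * sample images below are constructed for the demo.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SECTOR_SIZE   512u
#define END_OF_CHAIN  0xFFFFFFFEu   /* last sector of a chain */
#define FREE_SECTOR   0xFFFFFFFFu   /* unallocated sector */

typedef struct {
    size_t          file_len;     /* bytes in the whole file image */
    const uint32_t *sat;          /* sector allocation table */
    uint32_t        sat_entries;  /* number of entries in sat */
} cf_image;

/* Vulnerable pattern: 32-bit arithmetic on an attacker-chosen sector index.
 * (0x00FFFFFF + 1) * 512 is 2^33, which wraps to 0 in uint32_t, so a bogus
 * sector number silently aliases the header at offset 0 instead of being
 * rejected as out of range. */
uint32_t sector_offset_unchecked(uint32_t sector)
{
    return (sector + 1) * SECTOR_SIZE;
}

/* Hardened: reject sentinels, widen to 64 bits, let the compiler builtins
 * flag overflow, and require the whole sector to lie inside the file.
 * Returns the byte offset, or -1 on any failure. */
int64_t sector_offset_checked(const cf_image *img, uint32_t sector)
{
    uint64_t off;
    if (sector >= END_OF_CHAIN)                                    return -1;
    if (__builtin_add_overflow((uint64_t)sector, 1u, &off))        return -1;
    if (__builtin_mul_overflow(off, (uint64_t)SECTOR_SIZE, &off))  return -1;
    if (off > (uint64_t)SIZE_MAX - SECTOR_SIZE)                    return -1;
    if (off + SECTOR_SIZE > img->file_len)                         return -1;
    return (int64_t)off;
}

/* Hardened chain walk. The unchecked form of this loop is simply
 *     next = img->sat[cur];
 * with no bound on cur, so a crafted start sector reads far outside the
 * table. Here every index is checked against both the table and the file,
 * and the walk is capped at sat_entries steps so a cyclic table cannot
 * spin forever. Returns the chain length, or -1 if the chain is malformed. */
int64_t chain_length_checked(const cf_image *img, uint32_t start)
{
    uint32_t cur = start, len = 0;
    while (cur != END_OF_CHAIN) {
        if (cur >= img->sat_entries)              return -1;  /* OOB index; also catches FREE_SECTOR */
        if (sector_offset_checked(img, cur) < 0)  return -1;  /* sector beyond end of file */
        if (++len > img->sat_entries)             return -1;  /* cycle */
        cur = img->sat[cur];
    }
    return (int64_t)len;
}

/* Constructed sample image: 5 sectors of 512 bytes (header + sectors 0..3).
 * SAT: 0 -> 1 -> 2 -> end of chain; sector 3 is free. */
static const uint32_t SAMPLE_SAT[4] = { 1, 2, END_OF_CHAIN, FREE_SECTOR };
/* Constructed sample with a cycle: 0 -> 1 -> 0. */
static const uint32_t CYCLIC_SAT[4] = { 1, 0, END_OF_CHAIN, FREE_SECTOR };

const cf_image *sample_image(void)
{
    static const cf_image img = { 5 * SECTOR_SIZE, SAMPLE_SAT, 4 };
    return &img;
}

const cf_image *cyclic_image(void)
{
    static const cf_image img = { 5 * SECTOR_SIZE, CYCLIC_SAT, 4 };
    return &img;
}

int main(void)
{
    const cf_image *img = sample_image();
    printf("unchecked offset of sector 0x00FFFFFF: %u (wrapped to header)\n",
           sector_offset_unchecked(0x00FFFFFFu));
    printf("checked offset of sector 0x00FFFFFF:   %lld\n",
           (long long)sector_offset_checked(img, 0x00FFFFFFu));
    printf("chain from sector 0: %lld sectors\n",
           (long long)chain_length_checked(img, 0));
    printf("chain from sector 0 in cyclic table: %lld\n",
           (long long)chain_length_checked(cyclic_image(), 0));
    return 0;
}
```

The point of the checked version is that the arithmetic is widened and overflow-tested before the result is ever used as an offset or an index, and that the file size, not the value in the header, is the bound. The `__builtin_*_overflow` calls are GCC/Clang extensions; on other compilers the same checks can be written as explicit comparisons against `UINT64_MAX / SECTOR_SIZE`.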

Three critical vulnerabilities have been identified in Veertu's Anka Build software. Two of them are directory traversal issues (TALOS-2024-2059 and TALOS-2024-2061) that could allow an attacker to access unauthorized files by sending specially crafted HTTP requests.
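The page gives no detail of the Anka Build traversal bugs beyond the crafted HTTP requests, so the following is an added illustration of the general pattern rather than Anka Build's code: a naive filter that greps the raw request path for "../" beside a resolver that percent-decodes first, normalises "." and ".." component by component, and refuses any path that would climb above the document root. The request paths are constructed samples.

```c
/*
 * Added illustration, not Anka Build's code: a naive traversal filter on
 * the raw request path beside a resolver that decodes and normalises the
 * path before deciding. The request paths in main() are constructed samples.
 */
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern: a substring check on the undecoded path. It never
 * sees "%2e%2e/" or "..%2f", which get decoded later on the way to the
 * file system. */
bool naive_is_safe(const char *req)
{
    return strstr(req, "../") == NULL;
}

/* Percent-decode into out. Rejects malformed escapes and %00, which would
 * truncate the path for C string functions downstream. */
static bool url_decode(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        unsigned c = (unsigned char)in[i];
        if (c == '%') {
            if (!isxdigit((unsigned char)in[i + 1]) ||
                !isxdigit((unsigned char)in[i + 2]))
                return false;
            if (sscanf(in + i + 1, "%2x", &c) != 1 || c == 0)
                return false;
            i += 2;
        }
        if (o + 1 >= outlen)
            return false;
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return true;
}

/* Hardened: resolve req to a relative path under the document root.
 * "/files/a/../b.txt" becomes "files/b.txt"; any path that would step
 * above the root is rejected. Returns false on rejection. */
bool resolve_under_root(const char *req, char *out, size_t outlen)
{
    char dec[1024];
    if (!url_decode(req, dec, sizeof dec)) return false;
    if (strchr(dec, '\\') != NULL)         return false;  /* no alternate separators */
    size_t o = 0;
    int depth = 0;
    out[0] = '\0';
    /* strtok is acceptable here: dec is a private copy on this stack frame. */
    for (char *tok = strtok(dec, "/"); tok != NULL; tok = strtok(NULL, "/")) {
        if (strcmp(tok, ".") == 0) continue;
        if (strcmp(tok, "..") == 0) {
            if (--depth < 0) return false;             /* climbed above root */
            while (o > 0 && out[o - 1] != '/') o--;    /* drop last component */
            if (o > 0) o--;                            /* and its separator */
            out[o] = '\0';
            continue;
        }
        size_t tl = strlen(tok);
        if (o + tl + 2 > outlen) return false;
        if (o > 0) out[o++] = '/';
        memcpy(out + o, tok, tl);
        o += tl;
        out[o] = '\0';
        depth++;
    }
    return true;
}

/* Convenience wrapper: the resolved path, or NULL if the request is rejected. */
const char *resolve_demo(const char *req)
{
    static char buf[1024];
    return resolve_under_root(req, buf, sizeof buf) ? buf : NULL;
}

int main(void)
{
    /* Constructed sample requests. */
    const char *reqs[] = {
        "/files/a/../b.txt",
        "/files/../../etc/passwd",
        "/files/%2e%2e/%2e%2e/etc/passwd",
        "/files/..%2f..%2fetc/passwd",
    };
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++) {
        const char *r = resolve_demo(reqs[i]);
        printf("%-36s naive:%-5s resolver:%s\n", reqs[i],
               naive_is_safe(reqs[i]) ? "ok" : "deny", r ? r : "deny");
    }
    return 0;
}
```

The naive filter passes both encoded requests, which decode to the same "../../etc/passwd" it was meant to block. The resolver makes its decision on the decoded, normalised path, and only that resolved relative path should ever be joined to the document root before the file is opened.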

The third, TALOS-2024-2060, is a privilege escalation vulnerability: by abusing a software update mechanism, a low-privileged user could gain root access.

According to Cisco Talos, users of Anka Build are currently exposed to significant security risk from these vulnerabilities, which require immediate attention to prevent exploitation.
