Tuesday, January 14, 2025

Foxit PDF Editor Vulnerabilities Permits Distant Code Execution


Foxit Software program has issued important safety updates for its broadly used PDF options, Foxit PDF Reader and Foxit PDF Editor.

The updates—Foxit PDF Reader 2024.4 and Foxit PDF Editor 2024.4/13.1.5—have been launched on December 17, 2024, to counter vulnerabilities that might go away customers uncovered to distant code execution (RCE) assaults.

Particulars of the Vulnerabilities

The safety flaws addressed on this replace embody Use-After-Free vulnerabilities within the dealing with of sure parts, corresponding to AcroForms, checkbox objects, and 3D web page objects.

– Commercial –
SIEM as a Service

Exploiting these flaws may enable an attacker to execute arbitrary code remotely on a sufferer’s system. These vulnerabilities are tracked beneath the next identifiers:

Examine Actual-World Malicious Hyperlinks, Malware & Phishing Assaults With ANY.RUN – Attempt for Free

The failings have been reported by Mat Powell of Pattern Micro Zero Day Initiative (ZDI) and KPC of Cisco Talos, each of whom disclosed that the problems stem from improper reminiscence validation, corresponding to using wild or null pointers.

Exploitation may end in software crashes or, within the worst-case state of affairs, allow malicious actors to take management of affected methods.

The vulnerabilities particularly impression Foxit PDF Reader and Editor software program working on Home windows working methods.

No experiences have but confirmed energetic exploitation of those vulnerabilities within the wild, however as a result of important nature of those flaws, customers are strongly inspired to replace instantly.

Foxit strongly advises all customers of its PDF Reader and Editor software program to improve to the most recent model to mitigate these vulnerabilities.

To replace the software program, customers working Model 2023.1 or larger ought to open Foxit PDF Reader or Foxit PDF Editor, navigate to the “Assist” menu, and choose “About Foxit PDF Reader” or “About Foxit PDF Editor.”

From there, they’ll click on on “Examine for Replace” to put in the most recent model. For these utilizing Model 13 of Foxit PDF Editor, the method is comparable.

Open the applying, go to the “Assist” menu, choose “About Foxit PDF Editor,” and click on on “Examine for Replace.”Alternatively, customers can obtain the up to date model instantly from Foxit’s official web site to make sure they’re working essentially the most safe and steady launch of the software program.

Alternatively, customers can obtain the up to date variations instantly from Foxit’s official web site.

Given the potential for attackers to take advantage of these vulnerabilities and execute distant code, it’s crucial for customers to replace their Foxit functions instantly. Preserving software program present is among the only measures to safeguard in opposition to cyber threats.

2024 MITRE ATT&CK Analysis Outcomes for SMEs & MSPs -> Obtain Free Information

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles

PHP Code Snippets Powered By : XYZScripts.com