18 Vulnerabilities Found in Foxit PDF Reader
Eighteen vulnerabilities have been discovered in Foxit PDF Reader, which is commonly used as an alternative to Adobe Acrobat Reader and which is the most widely used browser plugin globally, according to Cisco Talos.
“Foxit PDF Reader is one of the most popular free tools for viewing, commenting on and editing PDF documents. Due to the popularity of the PDF file format, users gravitate towards free readers and editors as an alternative to products like Adobe Acrobat,” said Timur Kovalev, chief technology officer at Untangle.
One of these vulnerabilities, TALOS-2018-0607/CVE-2018-3940, is an exploitable use-after-free flaw in the JavaScript engine that could enable remote code execution. “As a feature-rich PDF reader, Foxit supports JavaScript for interactive documents and dynamic forms. While executing the embedded JavaScript code, a document can be closed, which frees numerous used objects, but the JavaScript continues to execute, potentially leading to a use-after-free condition,” Cisco Talos researcher Aleksandar Nikolic wrote in a blog post.
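To make the described bug class concrete, here is an added C model of a reader's script host (constructed for this article, not Foxit's code): in the unsafe variant a script's closeDoc call frees the document immediately while the script is still running, whereas the hardened variant defers the close until the script has returned. The model replaces the dangling pointer with NULL so the failure is observable instead of undefined behaviour.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model of a document and the host that runs its embedded script. */
typedef struct { char title[32]; } Document;
typedef struct {
    Document *doc;
    int script_depth;   /* > 0 while embedded script code is executing */
    int close_pending;  /* a close was requested during script execution */
} ScriptHost;

/* deferred == 0: unsafe, free the document even mid-script (the reported pattern).
 * deferred == 1: hardened, record the request and close once the script returns. */
static void close_doc(ScriptHost *h, int deferred) {
    if (h->doc == NULL) return;
    if (deferred && h->script_depth > 0) { h->close_pending = 1; return; }
    free(h->doc);
    h->doc = NULL;   /* real bug keeps a dangling pointer; NULL makes the model safe */
}

/* Simulated script: "this.closeDoc(); return this.title.length;"
 * Returns the title length, or -1 when the script touches a freed document. */
static int run_script(ScriptHost *h, int deferred) {
    h->script_depth++;
    close_doc(h, deferred);                  /* first statement closes the document */
    int len = h->doc ? (int)strlen(h->doc->title) : -1;   /* second statement uses it */
    h->script_depth--;
    if (h->close_pending) { h->close_pending = 0; close_doc(h, deferred); }
    return len;
}

/* Builds a document titled "report" and runs the script against it. */
int demo(int deferred) {
    ScriptHost h = {0};
    h.doc = calloc(1, sizeof *h.doc);
    strcpy(h.doc->title, "report");
    return run_script(&h, deferred);   /* document is freed in both variants by now */
}
```

With `demo(0)` the second statement finds the document already gone (the use-after-free), while `demo(1)` completes normally and the close happens after the script returns.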
“These are serious vulnerabilities that can allow code execution, meaning that an attacker could easily create a malicious PDF that, whenever it is opened, could install malware on the device. Since Foxit PDF also offers a browser plugin, a user could unknowingly trigger the vulnerability by viewing the document in a web browser,” Kovalev said.
Nikolic also listed several rules that can be used to detect exploitation attempts, noting that the current rules are subject to change. In addition, a patch is available for the 18 disclosed vulnerabilities.
“This is very serious for any individual or business using Foxit products; upgrading to the newest version is strongly recommended to ensure the vulnerabilities are patched. The browser plugin has allowed attackers to exploit weaknesses in the past, so it is essential for users to understand the risk associated with enabling plugins,” Kovalev added.
“Always check the credentials of the software publisher, and ensure that unnecessary plugins are uninstalled. Hackers are always looking for weaknesses in a product, network or device, so ensuring your systems are up to date and that businesses are proactively protecting their employees and networks from the latest threats are crucial steps to stay one step ahead.”