Foxit Reader Update Patches Over 100 Vulnerabilities
4.10.2018 securityweek Vulnerebility
The newly released Foxit Reader 9.3 brings along patches for over 100 security flaws, including some that could result in remote code execution.
Developed by California-based Foxit Software, the Foxit Reader is a multilingual freemium tool that allows users to create, view, edit, digitally sign, and print Portable Document Format (PDF) files. According to the company, the reader has hundreds of millions of users.
The latest version of the reader, Foxit reveals in an advisory, brings patches for a broad range of vulnerabilities, including out-of-bounds, use-after-free, information disclosure, type confusion, and memory corruption bugs, the most severe of which could result in remote code execution.
Most of the remaining security vulnerabilities addressed with this update were discovered by security researchers working with Trend Micro's Zero Day Initiative.
The bugs are said to impact version 22.214.171.12497 and earlier of Foxit Reader and Foxit PhantomPDF and have been addressed with the release of Foxit Reader 9.3 and Foxit PhantomPDF 9.3.
The security updates arrived only days before Adobe released tens of patches for its own PDF tools. On Monday, the company announced the availability of Acrobat DC and Acrobat Reader DC (Continuous) 2019.008.20071, Acrobat 2017 and Reader DC 2017 (Classic 2017) 2017.011.30105, and Acrobat DC and Reader DC (Classic 2015) 2015.006.30456, which address a total of 86 vulnerabilities