Skip to content

Security update for Foxit Reader

24-6-2009

Foxit Software has released a new version of Foxit Reader, a popular alternative to Adobe’s Acrobat PDF Reader, to address two security vulnerabilities. According to the report, a problem when reading JPX (JPEG2000) streams in PDF documents could allow an attacker to remotely execute malicious code. For an attack to be successful, a victim must first be tricked into opening a specially crafted PDF document. Foxit Reader, only supports these streams if the user has installed the associated add-on, but if the add-on is not installed users are automatically prompted to install it when opening such a document.

The vulnerabilities have been fixed in Foxit Reader 3.0 Build 1817 and in version 2.0.2009.616 of the JPX add-on. All users are advised to update to the latest release by selecting the included “Check Updates Now” function in the Reader help menu to check for the current version of their installed add-ons. Additionally, disabling JavaScript in Foxit Reader (Edit / Preferences / JavaScript) can also reduce additional security risks.

No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: