Eighteen vulnerabilities have been disclosed in Foxit PDF
Reader, a commonly used alternative to Adobe Acrobat Reader that is
also available as a widely used browser plugin, according to Cisco Talos.
“Foxit PDF Reader is one of the most
popular free tools for viewing, commenting on and editing PDF documents. Due to
the popularity of the PDF file format, users gravitate towards free readers and
editors as alternatives to products like Adobe Acrobat,” said Timur Kovalev, chief technology officer at Untangle.
One of the vulnerabilities,
TALOS-2018-0607/CVE-2018-3940, is an exploitable use-after-free flaw in the
JavaScript engine that could enable remote code execution. “As a feature-rich
PDF reader, Foxit supports JavaScript for interactive documents and dynamic
forms. When executing embedded JavaScript code, a document can be closed, which
frees numerous used objects, but the JavaScript can continue to execute,
potentially leading to a use-after-free condition,” Cisco Talos researcher
Aleksandar Nikolic wrote in a blog post.
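The lifetime problem Nikolic describes, as an added illustration in C (a constructed toy model, not Foxit's code or any real engine): the interpreter loop takes its own reference to the document, so a close requested mid-script only flags the object and the free is deferred until the script returns, while later accesses are refused instead of touching freed memory. All names (Document, doc_close, run_script, g_freed_docs) are invented for this example.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Constructed toy model of the bug class (not Foxit's code): a script asks
 * the viewer to close the very document it is running in. */
typedef struct {
    int refcount;  /* viewer's reference plus one per running script */
    bool closed;   /* close requested; object stays alive while referenced */
    int pages;
} Document;

static int g_freed_docs = 0;  /* makes the free observable */

static Document *doc_open(int pages) {
    Document *d = calloc(1, sizeof *d);
    if (d) { d->refcount = 1; d->pages = pages; }
    return d;
}

static void doc_release(Document *d) {
    if (d && --d->refcount == 0) { g_freed_docs++; free(d); }
}

/* Hardened close: flag the document and drop only the viewer's reference.
 * The unsafe variant would free(d) right here while the script still uses d. */
static void doc_close(Document *d) {
    if (!d->closed) { d->closed = true; doc_release(d); }
}

enum { OP_READ_PAGES, OP_CLOSE };
typedef struct { int pages_read, refused_reads, freed_during, freed_after; } RunResult;

/* Interpreter loop: holds its own reference for the whole run and refuses
 * accesses after close instead of touching a dead object. */
static RunResult run_script(Document *d, const int *ops, int n) {
    RunResult r = {0, 0, 0, 0}; int before = g_freed_docs;
    d->refcount++;                       /* script's reference */
    for (int i = 0; i < n; i++) {
        if (ops[i] == OP_CLOSE) { doc_close(d); continue; }
        if (d->closed) { r.refused_reads++; continue; }
        r.pages_read += d->pages;        /* safe: d is still alive here */
    }
    r.freed_during = g_freed_docs - before;
    doc_release(d);                      /* last reference: memory goes now */
    r.freed_after = g_freed_docs - before;
    return r;
}

/* Script reads, closes its own document, then tries to read again. */
static RunResult demo(void) {
    const int ops[] = {OP_READ_PAGES, OP_CLOSE, OP_READ_PAGES};
    Document *d = doc_open(3);
    if (!d) return (RunResult){-1, -1, -1, -1};
    return run_script(d, ops, 3);
}
```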
“These are critical vulnerabilities that could lead
to code execution – meaning a hacker could create a malicious PDF that, when
opened, could install malware on the device. Since Foxit PDF also offers a
browser plugin, users could unknowingly activate the vulnerability by viewing
the document in a web browser,” Kovalev said.
Nikolic also listed Snort rules that can
currently be used to detect exploitation attempts, though he noted that the
current rules are subject to change. In addition, a patch is available for the 18 vulnerabilities disclosed.
“It is critical for any person or business
using the Foxit products to immediately upgrade to the newest version to ensure
the vulnerabilities are
patched. Browser plugins have led to hackers exploiting weaknesses in the past,
so it is important users understand the risk of enabling plugins,” Kovalev added.
“Always check the credentials of the
software publisher, and ensure that unnecessary plugins are uninstalled. Hackers are always looking for
the weakness in a product, network or device, so ensuring your systems are up
to date and businesses are proactively protecting their employees and networks
from the latest threats are crucial steps to stay one step ahead.”