Hackers are Selling Exploits for Foxit Reader: Patch ASAP!
A threat actor has launched the sale of an exploit targeting a vulnerability in Foxit Reader, a widely used PDF viewer.
This vulnerability could potentially enable remote code execution, posing a significant risk to millions of users worldwide.
Foxit has responded by releasing updates to patch these vulnerabilities.
Users are advised to update their software immediately to protect against potential attacks.
The Vulnerability in Detail
Foxit Reader, known for its lightweight design and comprehensive feature set, has become a popular alternative to Adobe Reader. However, its widespread use also makes it a target for cybercriminals.
The vulnerability in question affects Foxit PDF Reader 12.0.2 and earlier versions on Windows, as well as Foxit PDF Editor (previously named Foxit PhantomPDF) versions 12.0.2.12465 and earlier, along with all previous 12.x and 11.x versions, and 10.1.9.37808 and earlier.
On the macOS platform, affected software includes Foxit PDF Editor for Mac 12.0.1.0720, 12.0.0.0601, 11.1.3.0920, and earlier, as well as Foxit PDF Reader for Mac 12.0.1.0720 and earlier versions.
The Threat Actor’s Announcement
An unidentified threat actor has put the exploit up for sale on the market. It reportedly allows remote code execution by exploiting a vulnerability in Foxit Reader.
According to the announcement, the exploit operates by running a malicious design when a specially crafted PDF file is opened and reloaded within the official Reader, potentially allowing attackers to take control of affected systems.
In response to the threat, Foxit has released updates for its PDF software on both Windows and macOS platforms.
The updates, Foxit PDF Editor for Mac 12.0.2 and Foxit PDF Reader for Mac 12.0.2, along with Foxit PDF Reader 12.1 and Foxit PDF Editor 12.1 for Windows, address the security and stability issues identified.
Affected Versions and Updates
Product | Affected Versions | Platform |
Foxit PDF Editor for Mac (previously PhantomPDF) | 12.0.1.0720, 12.0.0.0601, 11.1.3.0920 and earlier | macOS |
Foxit PDF Reader for Mac (previously Reader) | 12.0.1.0720 and earlier | macOS |
Foxit PDF Reader | 12.0.2.12465 and earlier | Windows |
Foxit PDF Editor (previously PhantomPDF) | 12.0.2.12465 and all previous 12.x versions, 11.2.3.53593 and all previous 11.x versions, 10.1.9.37808 and earlier | Windows |
Urgent Call to Action
Users of Foxit Reader and Foxit PDF Editor on both Windows and macOS platforms are strongly advised to update their software to the latest versions immediately.
Doing so will patch the vulnerabilities and protect against potential exploits.
Foxit has made the updates available on its official website, ensuring users can easily access and install the necessary software to secure their systems.
The announcement of an exploit sale targeting Foxit Reader underscores the importance of maintaining up-to-date software to protect against cybersecurity threats.
By promptly applying the latest patches from Foxit, users can safeguard their systems from potential remote code execution attacks.
As cyber threats evolve, staying informed and vigilant is more important than ever.
Source credit : cybersecuritynews.com