The Cybersecurity Daily News

Foxit Reader Patched for Critical RCE Bug Hackable By Malicious PDFs


In the latest vulnerability developments, Foxit has released security fixes for a Remote Code Execution (RCE) bug in its PDF reader.

Tracked as CVE-2021-21822, it has been rated a high-severity security vulnerability that could allow malicious code to be executed on a system.

Foxit Software critical security vulnerability:

Foxit Software is a software developer based in the United States and China that develops Portable Document Format software and tools used to create, edit, sign, and secure files and digital documents.

The software organization reportedly has more than 650 million users around the globe, with its software employed by more than 100,000 customers.

The Foxit vulnerability was found to be the result of a use-after-free flaw in the V8 JavaScript engine.

The V8 JavaScript engine is utilized by Foxit Reader to display interactive document items and dynamic forms.

When use-after-free bugs are exploited successfully, a range of unexpected outcomes, from crashes and data corruption to arbitrary code execution, can follow on a victim’s Windows system.

In a severe case, this can ultimately lead to a system takeover.

The security hole is caused by the manner in which the Foxit Reader app and browser extensions manage certain annotation categories, which threat actors could exploit by crafting malicious PDFs that trigger the reuse of previously freed memory.

All an attacker needs to do is dupe a target victim into opening a malicious file, or a malicious site if the browser plugin extension is enabled, to trigger the bug.

Addressing and patching multiple vulnerabilities:

The vulnerability impacts Foxit Reader 10.1.3.37598 and earlier versions, and it was addressed with the release of Foxit Reader 10.1.4.37651.
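As an added example (not from Foxit or the original article), the following Python sketch audits a software inventory against the two build numbers given above. The CSV layout, host names, and sample rows are constructed for illustration; builds that fall between the last affected and first fixed versions are reported as "unverified" because the article does not classify them.

```python
import csv
import io

LAST_AFFECTED = (10, 1, 3, 37598)  # article: this build and earlier are affected
FIRST_FIXED = (10, 1, 4, 37651)    # article: release that addresses CVE-2021-21822

def parse_version(text):
    """Turn '10.1.3.37598' into a tuple of ints; return None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Classify one reported Foxit Reader version string."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"      # truncated or garbled inventory data: check by hand
    if version <= LAST_AFFECTED:
        return "vulnerable"
    if version >= FIRST_FIXED:
        return "patched"
    return "unverified"       # between the two builds the article names

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE_INVENTORY = """host,product,version
ws-001,Foxit Reader,10.1.3.37598
ws-002,Foxit Reader,10.1.4.37651
ws-003,Foxit Reader,9.7.2.29539
ws-004,Foxit Reader,10.1.4
ws-005,Other PDF Tool,1.0.0.0
ws-006,Foxit Reader,10.1.3.40000
"""

def audit(inventory_csv):
    """Return {host: status} for every Foxit Reader row in the inventory."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip().lower() != "foxit reader":
            continue
        results[row["host"]] = classify(row["version"])
    return results

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" or "unverified" need a manual check rather than being assumed safe.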

In the latest release, Foxit also fixed several other security bugs impacting previous Foxit Reader versions, which exposed users’ devices to denial of service, remote code execution, information disclosure, SQL injection, DLL hijacking, and other vulnerabilities.

The complete list of security fixes in the Foxit Reader 10.1.4 release includes:

Foxit recommends its users update their versions to the latest releases to mitigate any security concerns.