New Case Study: Threat Hunter finds renamed system utilities by file hash to uncover multiple attacks   

Read Case Study


Foxit Addresses Severe Flaws

October 8, 2018

With over 100 vulnerabilities needing to be addressed, Foxit released patches on Foxit Reader 9.3 and Foxit PhantomPDF 9.3. Eighteen of these vulnerabilities were found on Monday and received an 8.0 score by CVSSv3, which is high in severity. All of them were found in the JavaScript engine which completes the task of executing JavaScript code. “As a feature-rich PDF reader, Foxit supports JavaScript for interactive documents and dynamic forms,” said Cisco in its post. “When executing embedded JavaScript code, a document can be closed, which frees numerous used objects, but the JavaScript can continue to execute, potentially leading to a use-after-free condition.” Four additional use-after-free flaws were found and could lead to the leverage of arbitrary code. PDF readers have had many issues within the past week as Adobe also addressed 47 critical vulnerabilities.