Foxit Reader, a highly popular software for opening PDF files, has published security updates to fix a high severity Remote Code Execution bug. If not fixed the vulnerability could be exploited by threat actors by sending malicious PDF files or links to targeted individuals that, when opened in FoxIt reader, would allow the attacker to download malware and take control of Windows computers. The use-after-free bug is being tracked as CVE 2021-21822 and was found by a researcher at Cisco Talos. The bug is in the V8 JavaScript engine used by Foxit Reader to display dynamic forms and interactive document elements. The security flaw is caused by how the Foxit Reader application and browser extensions handle certain annotation types. These can be abused by threat actors to craft malicious PDFs that will allow them to run arbitrary code via precise memory control. All the threat actors would need to do is trick the user into opening a malicious file or site, if the browser plugin is enabled, to trigger this vulnerability.
Analyst Notes
The vulnerability lies in Foxit Reader 10.1.3.37598 and earlier versions. The newest version of Foxit Reader, 10.1.4.37651 addressed these security issues and more. Anyone using Foxit Reader should ensure that they have their software up to date. As with any type of third-party software, whenever an update or security patch is released it is recommended that those are downloaded immediately.
More can be read here: https://www.bleepingcomputer.com/news/security/foxit-reader-bug-lets-attackers-run-malicious-code-via-pdfs/
