The US Cybersecurity & Infrastructure Security Agency (CISA) is recommending that all users of Foxit’s PhantomPDF reader update their software immediately following the disclosure of four serious vulnerabilities.
In its latest vulnerability summary, the agency warned users of a range of high, medium and low severity vulnerabilities in a number of popular software products, including PhantomPDF.
PhantomPDF by Foxit is a popular PDF editor that enables users to create and edit PDFs, export PDFs, convert paper documents into PDFs and collaborate with others. One of the biggest selling points of the company’s PDF editor is that it can be bought as a standalone product, as the company has eschewed the SaaS model popularized by Adobe and Microsoft.
Foxit’s PDF software contains four high severity vulnerabilities with a CVSS rating of 7.5. Two are use-after-free bugs, another is an out-of-bounds write and the last is a write access violation.
Use-after-free vulnerabilities occur when an application keeps using memory after it has been freed, by which point the system may have reallocated that memory to a different operation. Theoretically, an attacker could exploit one of these vulnerabilities to insert malicious code into the right memory area, and this code would then be read by the application and executed.
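The stale-reference problem described above, modelled as an added example (it is not code from Foxit, CISA or PhantomPDF). A small fixed pool stands in for the heap, and the names `pool_alloc`, `pool_free`, `pool_get` and `pool_get_unchecked` are hypothetical; it shows how an unchecked stale reference sees the slot's new contents, and how a generation counter, one common mitigation, rejects it.

```c
#include <stdio.h>
#include <string.h>
/* Constructed model: a small fixed pool stands in for the heap. */
#define SLOTS 4
#define SLOT_SIZE 32
typedef struct { unsigned index, generation; } handle_t;

static char     slot_data[SLOTS][SLOT_SIZE];
static unsigned slot_gen[SLOTS];
static int      slot_used[SLOTS];

/* Hand out the first free slot, tagged with that slot's current generation. */
handle_t pool_alloc(const char *content) {
    handle_t h = { SLOTS, 0 };              /* index == SLOTS means "pool full" */
    for (unsigned i = 0; i < SLOTS; i++) {
        if (slot_used[i]) continue;
        slot_used[i] = 1;
        snprintf(slot_data[i], SLOT_SIZE, "%s", content);
        h = (handle_t){ i, slot_gen[i] };
        break;
    }
    return h;
}

/* Release a slot and bump its generation; stale handles (double frees) are ignored. */
void pool_free(handle_t h) {
    if (h.index < SLOTS && slot_used[h.index] && slot_gen[h.index] == h.generation) {
        slot_used[h.index] = 0;
        slot_gen[h.index]++;
    }
}

/* Checked access: NULL when the slot was freed or reused since the handle was issued. */
const char *pool_get(handle_t h) {
    if (h.index >= SLOTS || !slot_used[h.index] || slot_gen[h.index] != h.generation)
        return NULL;
    return slot_data[h.index];
}

/* Unchecked access: like a dangling raw pointer, returns whatever is there now. */
const char *pool_get_unchecked(handle_t h) { return h.index < SLOTS ? slot_data[h.index] : NULL; }

int main(void) {
    handle_t old = pool_alloc("object A");       /* constructed sample data */
    pool_free(old);                              /* freed ...                */
    handle_t cur = pool_alloc("object B");       /* ... and the slot reused  */
    printf("unchecked stale read: %s (owner now: %s)\n", pool_get_unchecked(old), pool_get(cur));
    printf("checked stale read:   %s\n", pool_get(old) ? pool_get(old) : "(rejected)");
    return 0;
}
```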
Fortunately, though, Foxit has addressed all four vulnerabilities in PhantomPDF with the release of version 10.1 of its software. Windows and Mac users running an older version of the software should go to Foxit’s website to download and install the latest version to avoid falling victim to any potential attacks.
Cybercriminals often prey on users who have yet to update their software, which is why you should install the latest updates when they become available, regardless of whether or not a program already works as intended.