[German]Both Foxit PDF Reader and Foxit PDF Editor contain security vulnerabilities that have been assigned a CVSS Base Score of 10.0. Anyone using these products in the Windows or macOS environment should take care of the corresponding product updates as soon as possible. Here is some information on the topic – thanks to blog reader Helmut S. for the corresponding tip (Foxit has not been on my radar for a while).
Advertising
CERT-Bund Germany warns
There is this warning from CERT-Bund dated August 9, 2022 about several vulnerabilities in Foxit PDF Reader and PDF Editor. Affected are:
- Foxit Reader < 12.0.1
- Foxit PDF Editor < 12.0.1
in the respective Windows version. It states:
A remote, anonymous attacker can exploit multiple vulnerabilities in Foxit Reader and Foxit PDF Editor to execute arbitrary code, disclose sensitive information, and cause a denial of service condition.
The vulnerabilities allow remote attack via compromised documents to Windows clients.
Foxit Security Bulletin
The vendor Foxit has already published the corresponding warning on its Security Bulletins website as of July 29, 2022. I'll copy this out, since no linking is possible.
Security updates available in Foxit PDF Reader 12.0.1 and Foxit PDF Editor 12.0.1
Release date: July 29, 2022
Platform: Windows
Summary
Foxit has released Foxit PDF Reader 12.0.1 and Foxit PDF Editor 12.0.1, which address potential security and stability issues.
Affected versions
Foxit PDF Reader (previously named Foxit Reader) 12.0.0.12394 and earlier
Foxit PDF Editor (previously named Foxit PhantomPDF) 12.0.0.12394, 11.2.2.53575 and all previous 11.x versions, 10.1.8.37795 and earlier
Notes on the six problem areas, each with multiple vulnerabilities, can be found in the Security Bulletins. Users of FoxIt on macOS should also throw in the security advisory Security updates available in Foxit PDF Editor for Mac 12.0.1 and Foxit PDF Reader for Mac 12.0.1 from the same date.
Advertising
