Windows/macOS: Vulnerabilities in Foxit PDF Reader and PDF Editor (July 2022)

Sicherheit (Pexels, allgemeine Nutzung)[German]Both Foxit PDF Reader and Foxit PDF Editor contain security vulnerabilities that have been assigned a CVSS Base Score of 10.0. Anyone using these products in the Windows or macOS environment should take care of the corresponding product updates as soon as possible. Here is some information on the topic – thanks to blog reader Helmut S. for the corresponding tip (Foxit has not been on my radar for a while).


CERT-Bund Germany warns

There is this warning from CERT-Bund dated August 9, 2022 about several vulnerabilities in Foxit PDF Reader and PDF Editor. Affected are:

  • Foxit Reader < 12.0.1
  • Foxit PDF Editor < 12.0.1

in the respective Windows version. It states:

A remote, anonymous attacker can exploit multiple vulnerabilities in Foxit Reader and Foxit PDF Editor to execute arbitrary code, disclose sensitive information, and cause a denial of service condition.

The vulnerabilities allow remote attack via compromised documents to Windows clients.

Foxit Security Bulletin

The vendor Foxit has already published the corresponding warning on its Security Bulletins website as of July 29, 2022. I'll copy this out, since no linking is possible.

Security updates available in Foxit PDF Reader 12.0.1 and Foxit PDF Editor 12.0.1

Release date: July 29, 2022

Platform: Windows


Foxit has released Foxit PDF Reader 12.0.1 and Foxit PDF Editor 12.0.1, which address potential security and stability issues.

Affected versions

Foxit PDF Reader (previously named Foxit Reader) and earlier

Foxit PDF Editor (previously named Foxit PhantomPDF), and all previous 11.x versions, and earlier

Notes on the six problem areas, each with multiple vulnerabilities, can be found in the Security Bulletins. Users of FoxIt on macOS should also throw in the security advisory Security updates available in Foxit PDF Editor for Mac 12.0.1 and Foxit PDF Reader for Mac 12.0.1 from the same date.


Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *