A vulnerability has been discovered in the popular and widely utilized Foxit PDF Reader software; specifically through its browser plug-in which is installed by default in Firefox, Chrome, Opera and Safari.
Ironically, Foxit has always billed itself as the “secure” PDF reader. The vulnerability has been detailed in a Secunia Advisory and, because of its ability to be exploited remotely to gain system access, is rated “Highly Critical”.
Apparently, the Foxit developers have identified the flaw and are currently working on a patch. In the meantime, a Foxit representative has advised all users to avoid the Foxit browser plug-in for Firefox, Chrome, Opera or Safari and suggested using Internet Explorer to view online PDF files instead.
Chaitanya Sharma, advisory team lead at Secunia, offers similar advice… “We have confirmed the vulnerability using Firefox, Opera, and Safari. At the moment the best mitigation is to disable this add-on in browsers and use other software.”
Affected versions: Latest version 220.127.116.118 – confirmed. Older versions – suspect.
**If you are a Foxit Reader user, you should disable the Foxit plug-in in all affected browsers now! Also, keep an eye out for an updated version which includes the patch and install as soon as available.