Foxit Reader critical security flaw discovered!

A vulnerability has been discovered in the popular and widely utilized Foxit PDF Reader software; specifically through its browser plug-in which is installed by default in Firefox, Chrome, Opera and Safari.

Ironically, Foxit has always billed itself as the “secure” PDF reader. The vulnerability has been detailed in a Secunia Advisory and, because of its ability to be exploited remotely to gain system access, is rated “Highly Critical”.

Apparently, the Foxit developers have identified the flaw and are currently working on a patch. In the meantime, a Foxit representative has advised all users to avoid the Foxit browser plug-in for Firefox, Chrome, Opera or Safari and suggested using Internet Explorer to view online PDF files instead.

Chaitanya Sharma, advisory team lead at Secunia, offers similar advice… “We have confirmed the vulnerability using Firefox, Opera, and Safari. At the moment the best mitigation is to disable this add-on in browsers and use other software.”

Affected versions: Latest version 5.4.4.1128 – confirmed. Older versions – suspect.

**If you are a Foxit Reader user, you should disable the Foxit plug-in in all affected browsers now! Also, keep an eye out for an updated version which includes the patch and install as soon as available.

7 thoughts on “Foxit Reader critical security flaw discovered!”

  1. Jim- In Chrome browser.is Foxit the plug-in labeled as “Chrome PDF Viewer”?
    The path shown is > C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll <

    Many Thanks

    1. Hi Chuck – I am not a Chrome user so I’m afraid my education there is rather limited. However, here’s how I see it:

      The ‘Chrome PDF Viewer’ plug-in you refer to is actually Chrome’s own built-in viewer and, although it is built using Foxit PDF (SDK), it is not the actual Foxit plug-in. From what I could discover on the net; if this native Chrome plug-in is enabled, it overrides all others. Also, this built-in plug-in is run sandboxed by default which would largely (if not wholly) mitigate the threat.

      In a nutshell; if you are using ‘Chrome PDF Viewer’ in Chrome, you don’t have too much to worry about.

      Cheers… Jim

  2. Have just downloaded the latest version of Foxit reader with the patch applied (545.1141) including the Firefox plugin ver 2.2.3.111. Lets hope that fixes things!

  3. Jim:
    I’m running Foxit Reader version 6.0.5.0618; is the security flaw still a vulnerability?
    Thanks for the warning,
    Dan

    1. No, everything is okay now Dan. Foxit released a patch not longer this article was published, and newer versions (including yours) have fixed the vulnerability.

      Cheers… Jim

Comments are closed.

Exit mobile version

WHY NOT SUBSCRIBE TO OUR NEWSLETTER?

Get great content like this delivered to your inbox!

It's free, convenient, and delivered right to your inbox! We do not spam and we will not share your address. Period!