
    Dangerous vulnerabilities have been found in the popular Foxit Reader

    Foxit has released security updates for the Windows editions of its PDF tools. The latest versions of the programs are now available. A number of vulnerabilities were fixed, several of which would have enabled remote code execution under certain conditions.

    The error is in a JavaScript function. It accepts strings from any source because it has no way to validate them. For example, an attacker could create a string and pass it to the function. To do this, the attacker sends a phishing email that looks as if it came from a legitimate website. The attacker then waits for the recipient to open the attachment, which is presented as an order confirmation. Using the function, the attacker can then take control of the victim’s PC remotely.

    The attack starts when the target opens an email attachment that looks like a confirmation of a book purchase. The document contains a hidden HTML file written in script that is executed when the document is saved and can cause the PC to crash.

    Do Not Open Every File Attachment

    The researchers who found the vulnerabilities therefore recommend that users not open suspicious-looking file attachments, enable Safe Reading Mode and disable JavaScript in the Foxit Reader settings. However, this limits the functionality of the program.

    With the update to version 9.7.2, the vendor closes several security gaps. According to the manufacturer’s comments, these could potentially be exploited to run arbitrary code on the affected system, for example by using JavaScript code or by using watermarks and text fields. Users who have installed Foxit Reader should already have been offered version 9.7.2 through the built-in update function.
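
One way to triage PDF attachments for the embedded JavaScript described above before they reach a reader. This is an added example, not code from Foxit or the researchers; the keyword list, the function names and the sample bytes are assumptions constructed for illustration.

```python
import re

# PDF name tokens that make a reader run script or act without user input.
# This keyword set follows common PDF triage practice; it is an assumption of
# this example and is not taken from the Foxit advisory.
ACTIVE_NAMES = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch")

# A PDF name is "/" followed by anything except whitespace and delimiters.
_NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so that /J#61vaScript is recognised as /JavaScript."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count active-content names in raw PDF bytes.

    Compressed object streams are not inflated, so a zero count is not proof
    that a file is harmless; a non-zero count is a reason to quarantine it.
    """
    counts = {name: 0 for name in ACTIVE_NAMES}
    for match in _NAME.finditer(data):
        name = decode_name(match.group())
        if name in counts:
            counts[name] += 1
    return {
        "is_pdf": b"%PDF-" in data[:1024],
        "counts": counts,
        "has_script": counts["/JavaScript"] + counts["/JS"] > 0,
        "auto_run": counts["/OpenAction"] + counts["/AA"] > 0,
    }


# Constructed sample: a minimal PDF-like byte string with an escaped name.
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /JS (constructed placeholder script) >>\nendobj\n"
    b"%%EOF\n"
)

if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
```

A mail gateway or helpdesk script can call `triage_pdf` on each attachment and hold any file where `has_script` and `auto_run` are both true for manual review.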
