Cyber security news for all

More

    Dangerous vulnerabilities have been found in the popular Foxit Reader

    Foxit Reader has released security updates for the Windows editions of its PDF tools. Programs are now available in the latest version. A number of vulnerabilities were removed, several of which would have enabled remote code execution under certain conditions.

    The error is in the java script function. It accepts strings from any source because it has no way to validate them. For example, an attacker could create a string and pass it to the function. To do this, the program sends a phishing email that looks as if it came from a legitimate website. The attacker then waits for the recipient to open the attachment, which is presented like an order confirmation. Using the function, it can then take control of the victim’s PC remotely.

    The attack starts when the target opens an email attachment that looks like confirmation of the purchase of a book. The document contains a hidden HTML file written in script that is executed when the document is saved and can cause the PC to crash.

    Do Not Open Every File Attachment

    The researchers who found the vulnerabilities therefore recommend all users not to open suspicious looking file attachments, to activate Safe Reading Mode and to deactivate Java script in the Foxit Reader settings. However, this limits the functionality of the program.

    With the update to version 9.7.2, the provider closes several security gaps. As can be seen from the manufacturer’s comments, these could potentially be exploited to run arbitrary code on the affected system. This can be done, for example, using JavaScript code or using watermarks and text fields. Users who have installed Foxit Reader should already be provided with version 9.7.2 using the built in update function.

    Recent Articles

    macOS Trojans: Traces lead to Vietnam

    Security researchers have discovered a new macOS Trojans. Behind this could be a well known hacker group that has spied on Vietnamese dissidents in...

    Court forces Tutanota to perform a surveillance function

    Tutanota email only stores its user mails in encrypted form and cannot read them itself. Tutanota is one of the few email providers that...

    Manchester United have been blackmailed by cyber attackers

    The Premier League club Manchester UnitedĀ fell victim to a cyber attack according to the Daily Mail. The cyber criminals are apparently demanding ransom in...

    TikTok has fixed a serious security gap issue

    TikTok accounts paid a researcher a reward of 4000 dollars after he reported two vulnerabilities as part of a disclosure. A combination of both...

    Passwords should be changed for Fortinet VPNs

    Administrators should change the access for Fortinet VPNs in use. Log-in information for almost 50,000 VPN networks has appeared in various cyber blogs. A security...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox