The US Cybersecurity & Infrastructure Security Agency (CISA) is recommending that all users of Foxit's PhantomPDF reader update their software immediately following the disclosure of four serious vulnerabilities.
In its latest vulnerability summary, the agency warned users of high, medium and low severity vulnerabilities in several popular software products, including PhantomPDF.
PhantomPDF by Foxit is a popular PDF editor that allows users to create and edit PDFs, export PDFs, convert paper documents into PDFs and collaborate with others. One of the biggest selling points of the company's PDF editor is that it can be purchased as a standalone product, as the company has eschewed the SaaS model popularized by Adobe and Microsoft.
Foxit's PDF software contains four high severity vulnerabilities with a CVSS rating of 7.5. Two of them are use-after-free bugs, another is an out-of-bounds write and the last is a write access violation.
Use-after-free vulnerabilities occur when an application continues to use memory after it has been freed and reallocated for another operation. Theoretically, an attacker could exploit one of these vulnerabilities to insert malicious code into the right memory area, and this code would then be read by the application and executed.
Thankfully though, Foxit has addressed all four vulnerabilities in PhantomPDF with the release of version 10.1 of its software. Windows and Mac users running an older version of the software should visit Foxit's website to download and install the latest version to avoid falling victim to any potential attacks.
Cybercriminals often prey on users who have yet to update their software, which is why you should install the latest updates when they become available, regardless of whether an application already works as intended.
Via The Register