This popular PDF software needs to be updated ASAP

The US Cybersecurity & Infrastructure Security Agency (CISA) is recommending that all users of Foxit's PhantomPDF reader update their software immediately following the disclosure of four serious vulnerabilities.

In its latest vulnerability summary, the agency warned users of high, medium and low severity vulnerabilities in a number of popular software products, including PhantomPDF.

PhantomPDF by Foxit is a popular PDF editor that allows users to create and edit PDFs, export PDFs, convert paper documents into PDFs and collaborate with others. One of the biggest selling points of the company's PDF editor is that it can be purchased as a standalone product, as the company has eschewed the SaaS model popularized by Adobe and Microsoft.

PhantomPDF vulnerabilities

Foxit's PDF software contains four high severity vulnerabilities with a CVSS rating of 7.5. Two are use-after-free bugs, another is an out-of-bounds write and the last is a write access violation.

Use-after-free vulnerabilities occur when an application keeps using a region of memory after it has been freed, by which point that memory may have been reallocated to another operation. Theoretically, an attacker could exploit one of these vulnerabilities to insert malicious code into the right memory area, and this code would then be read by the application and executed.
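A small model of the use-after-free condition described above, as an added example that is not code from Foxit or from the original article: a fixed pool reuses a freed slot, so a stale reference sees another object's data unless every handle carries a generation counter that is checked on access. All names (`pool_alloc`, `lookup_checked` and so on) and the sample strings are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 4
/* Constructed model: slots stand in for heap chunks, handles for pointers. */
typedef struct { char data[32]; uint32_t gen; int live; } slot_t;
typedef struct { uint32_t idx, gen; } handle_t;
static slot_t pool[SLOTS];

/* Take the first free slot; the handle records the slot's current generation. */
handle_t pool_alloc(const char *text) {
    for (uint32_t i = 0; i < SLOTS; i++) {
        if (pool[i].live) continue;
        pool[i].live = 1;
        snprintf(pool[i].data, sizeof pool[i].data, "%s", text);
        return (handle_t){ i, pool[i].gen };
    }
    return (handle_t){ SLOTS, 0 };              /* pool exhausted: invalid handle */
}

/* Free only if the handle is current; bumping gen invalidates all old handles. */
void pool_free(handle_t h) {
    if (h.idx >= SLOTS || !pool[h.idx].live || pool[h.idx].gen != h.gen) return;
    pool[h.idx].live = 0;
    pool[h.idx].gen++;
    memset(pool[h.idx].data, 0, sizeof pool[h.idx].data);
}

/* Models a raw dangling pointer: trusts the location, not the object's lifetime. */
const char *lookup_unchecked(handle_t h) {
    return h.idx < SLOTS ? pool[h.idx].data : NULL;
}

/* Hardened access: a stale generation or dead slot is rejected, not dereferenced. */
const char *lookup_checked(handle_t h) {
    if (h.idx >= SLOTS || !pool[h.idx].live || pool[h.idx].gen != h.gen) return NULL;
    return pool[h.idx].data;
}

int main(void) {
    handle_t doc = pool_alloc("document object");
    pool_free(doc);                                  /* doc is now stale */
    handle_t other = pool_alloc("unrelated data");   /* reuses the same slot */
    const char *safe = lookup_checked(doc);
    printf("unchecked stale read: %s\n", lookup_unchecked(doc));
    printf("checked stale read:   %s\n", safe ? safe : "(rejected)");
    printf("valid read:           %s\n", lookup_checked(other));
    return 0;
}
```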

Thankfully though, Foxit has addressed all four vulnerabilities in PhantomPDF with the release of version 10.1 of its software. Windows and Mac users running an older version of the software should visit Foxit's website to download and install the latest version to avoid falling victim to any potential attacks.

Cybercriminals often prey on users who have yet to update their software, which is why you should install the latest updates when they become available, regardless of whether an application already works as intended.

Via The Register

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.