Peaches Posted June 23, 2009 Report Share Posted June 23, 2009 23 June 2009, 12:32Security update for Foxit Reader Foxit Software has released a new version of Foxit Reader, a popular alternative to Adobe's Acrobat PDF Reader, to address two security vulnerabilities. According to the report, a problem when reading JPX (JPEG2000) streams in PDF documents could allow an attacker to remotely execute malicious code. For an attack to be successful, a victim must first be tricked into opening a specially crafted PDF document. Foxit Reader, only supports these streams if the user has installed the associated add-on, but if the add-on is not installed users are automatically prompted to install it when opening such a document.The vulnerabilities have been fixed in Foxit Reader 3.0 Build 1817 and in version 2.0.2009.616 of the JPX add-on. All users are advised to update to the latest release by selecting the included "Check Updates Now" function in the Reader help menu to check for the current version of their installed add-ons. Additionally, disabling JavaScript in Foxit Reader (Edit / Preferences / JavaScript) can also reduce additional security risks.Adobe has now also released an update for the Unix versions of the Adobe reader to address several previously reported security issues.See also:Two Security Vulnerabilities Fixed in Foxit Reader 3.0 and JPEG2000/JBIG2 Decoder, security advisory from Foxit Software.Foxit Reader contains multiple vulnerabilities in the processing of JPX data, security advisory from US-CERT.Heise security - http://www.h-online.com/security/Security-...r--/news/113592 Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.