In association with heise online

10 August 2010, 09:47

Critical hole closed in Foxit Reader

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Foxit logo As previously announced, Foxit Software has now released version 4.1.1.0805 of its Reader product, closing a critical hole in its PDF reader application that could allow for arbitrary code to be injected into a system. The vulnerability was shown to exist when it was exploited by the JailbreakMe.com web site. The site uses a specially crafted PDF document to jailbreak Apple's iPhone (3G, 3GS and 4), iPod Touch (four generations) and iPad without the use of a PC. Jailbreaking gets around Apple's restrictions on what applications can be installed on the Apple devices.

The hole appears to be contained in the open source FreeType2 library used by Foxit Reader and the PDF readers of iOS devices use to display fonts. Apple has not yet released an update but is said to be working on one. Red Hat has already responded by updating its FreeType packages. As the FreeType library is in widespread use, other vendors are likely to release their own updates soon.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-1053040
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit