In association with heise online

23 June 2009, 11:32

Security update for Foxit Reader

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Foxit Software has released a new version of Foxit Reader, a popular alternative to Adobe's Acrobat PDF Reader, to address two security vulnerabilities. According to the report, a problem when reading JPX (JPEG2000) streams in PDF documents could allow an attacker to remotely execute malicious code. For an attack to be successful, a victim must first be tricked into opening a specially crafted PDF document. Foxit Reader, only supports these streams if the user has installed the associated add-on, but if the add-on is not installed users are automatically prompted to install it when opening such a document.

The vulnerabilities have been fixed in Foxit Reader 3.0 Build 1817 and in version 2.0.2009.616 of the JPX add-on. All users are advised to update to the latest release by selecting the included "Check Updates Now" function in the Reader help menu to check for the current version of their installed add-ons. Additionally, disabling JavaScript in Foxit Reader (Edit / Preferences / JavaScript) can also reduce additional security risks.

Adobe has now also released an update for the Unix versions of the Adobe reader to address several previously reported security issues.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit