Foxit patches PDF software flaws

Summary: The patch fixes vulnerabilities that could let an attacker execute arbitrary code, compromise the integrity of PDF signatures or cause denial-of-service attacks.


Adobe isn't the only software maker struggling with security holes in its PDF rendering product.

Foxit Reader, oft touted as an alternative to Adobe's Reader/Acrobat products, has released a critical patch to cover multiple security flaws that expose users to malicious hacker attacks.

The patch, available in Foxit Reader 4.2, fixes vulnerabilities that could let an attacker execute arbitrary code, compromise the integrity of PDF signatures or cause denial-of-service attacks.

The updated version is available here.

  • so, now you know

    It isn't just the big software providers who some love to dislike.
    Narr vi
    • Huh?

      @Narr vi ", now you know it isn't just the big software providers who some love to dislike."

      Ummm... I don't recall R.N or D.D *ever* claiming Foxit or any of the other eReader developers were "invulnerable to attacks".

      Fact is, unlike Foxit, Adobe touts itself as the industry standard - and for the most part, that's true. Expectations rise and the bar is understandably raised when a vendor is in such a market position (analogy: I won't go into the semantics of how Microsoft has to deal with being the industry leader in OS development).

      All told, any publicity (good or unsavory) goes with the territory. If you feel that aggrieved .. why not put your money where your mouth is and do a whip 'round for Adobe .. or better still .. just relax and chill out.
      • RE: Foxit patches PDF software flaws


        He was probably talking in general terms. I've seen people recommend FoxIt because of the security holes that keep on surfacing in Adobe's PDF client.

        But I've also said, all software has flaws and people who think that moving to another client will make flaws go away are naïve.

        It's all about mitigation. Windows XP users are screwed because 99.99% of them run with administrative rights. That % is not as bad in corporate environments but it is why Windows XP has gotten such a bad reputation. Specifically, applications going out on the Net to fetch content being "jailbroken" (borrowing the term) and the client that looked at Net content then serving as a proxy for a malicious payload which then starts having free rein. You name it, keyboard loggers, spam bots, etc.

        Windows Vista/7 moved ignorant, ooops, uninformed users away from having an administrative account by default so you gain a significant measure of protection but you still aren't immune. Any file you can normally read/write to as yourself will be accessible to rogue code living inside of rigged content (PDF, video files, etc). A good place to start would be reading all your browser cookies. I can think of many other scenarios.

        I borrowed the term "jailbreak" to describe "arbitrary code execution". Very few *understand* what the latter term means, but yes John Q. Public, you can get screwed just by watching a video on the Net.

      • fair comments

        @betelgeuse68... "It's all about mitigation."

        I'm glad we see eye-to-eye on that key point. Security by layers is a *must*.

        But, returning to the actual subject matter, PDF was "supposed" to have been a read only file format (enabled by default via an archive-bit - put in simplest terms). Fat chance of that now - what, with the major PDF players all seeming to be dead-set on bloat and excess plugin functionality (..if they haven't already implemented it). So, obviously, the departure from the initial concept / principle (i.e. read-only, by default) is both the crux and the root of the problem and woes.

        You know .. I was going to add to what you stated (and what we advocate and clearly agree on) by putting it to Joe Public to "use common sense" in regards the overall user experience when computing. There's just one small problem with that notion .. it's complete and utter bollocks! Truth be known, when it comes to most human endeavor (esp. where it involves "things computing") the term common sense is essentially an oxymoron.

        On your last point .. I couldn't agree more about Joe Public needing to be ever more cautious .. but then it seems ignorance is (still) bliss.
    • FoxIt fix someone else's problem?

      @Narr vi
      The problem is that pdf seems to be a proprietary format and therefore has a lot of dark murky corners for malware or direct attacks to use. OpenSource allows companies, bored users and people that like their stuff to work and be secure to browse through and streamline stuff and deal with potential problems BEFORE being taken advantage of out in the wild.

      FoxIt appear to be fixing a problem they had no control over that was introduced by whoever designed the pdf format. I wonder who that would be?
      Regards from
      Tom :)
  • RE: Foxit patches PDF software flaws

    I think he's responding to all those "Adobe is a security nightmare! I'm glad I switched to Foxit Reader!" comments in previous talkbacks covering Adobe Reader flaws.
    D. W. Bierbaum
    • Perhaps

      @D. W. Bierbaum
      The truth is, I'm still very happy with Foxit - so much faster than Adobe on XP, Vista or 7 - and 1 significant security 'oops' for them vs countless for Adobe is no big deal. Now, if Foxit start making a habit of security problems, that will be a different matter. I left Adobe in the dust due to the habit they have of being insecure along with the fact that Foxit is just so much faster than the incredibly-bloated Adobe Acrobat.
  • RE: Foxit patches PDF software flaws

    I said yes, but anyway
    don't say "right"
    I said okay