With numerous reports, continuing to highlight the rise of malicious PDFs, in combination with DIY crimeware tools acts as a key driving force for the growth of cybercrime, end users and companies are constantly looking for ways to mitigate the risks posed by the ubiquitous PDF format.
This week, Adobe’s main competitor in respect to the timely introduced security features responding to in-the-wild threats, has once again reacted to the current cyber threat landscape, by introducing a new feature in the latest Foxit Reader v3.3.
More details on the new feature, including a test using a spamvertised malicious PDF relying on the /Launch command:
The Foxit Reader 3.3 enables users to allow or deny unauthorized actions and data transmission, including URL connection, attachments PDF actions, and JavaScript functions; efficiently avoiding the attack from malicious contents and viruses. Enables users to show or hide the Ask Search Button in the Preferences menu.
The “Enable Safe Reading Mode” feature is not just alerting the end user, it’s actually preventing any further interactions with the malicious PDF file. This is where the true usefulness of the feature really is, as you can see in the attached screenshot, using a spamvertised malicious PDF file, using the “/launch” command.
For a truly safe, PDF format experience, disabling JavaScript Actions from Tools -> Preferences -> JavaScript -> Disable JavaScript Actions, is also highly recommended.
Windows users running the Foxit Reader, in a combination with well configured NoScript for Firefox, least privilege accounts, decent host-based firewall, lack of any outdated third-party applications on their host, and sandboxing/isolated web browsing habits, mitigate a huge percentage of the currently active exploitation tactics used by cybercriminals.
So, what are you waiting for? The time has come to migrate to an alternative PDF reader.
