Add the popular Foxit Reader to the list of desktop software applications to be patched as a matter of priority.According to vulnerability research outfit Secunia, there's a "highly critical" vulnerability in the alternative PDF reader software that can be exploited by malicious hackers to take complete control of a target system.
Add the popular Foxit Reader to the list of desktop software applications to be patched as a matter of priority.
According to vulnerability research outfit Secunia, there's a "highly critical" vulnerability in the alternative PDF reader software that can be exploited by malicious hackers to take complete control of a target system.
The vulnerability is confirmed in version 2.3 build 2825. Other versions may also be affected.
Secunia says vulnerability is fixed in an upcoming version 2.3 build 2912 but, inexplicably, the vulnerable build 2828 is currently being delivered from Foxit's download page (see image above).
For the average computer user, it's near impossible to keep up with patches for all the installed desktop applications. Some software vendors are using automatic updates to ensure patches are deployed in a timely manner but, unless you are savvy enough to keep an eye out for vulnerability warnings, chances are there's a vulnerable software on your machine, leaving you exposed to malicious hacker attacks.
There's no clear cut solution to handle client-side patch management but, for starters, I like to recommend Secunia's PSI (personal software inspector), a free utility that scans Windows machines in search unpatched software products. The tool works by by examining files on your computer (primarily .exe, .dll, and .ocx files) for meta information on specific software builds installed. After examining all the files on the machine, the collected data is sent to Secunia’s servers and matched against the Secunia File Signatures engine to determine the exact applications installed on your system.
The Secunia PSI can be used to flag insecure/end-of-life software and find direct download links to missing security updates. It monitors more than 4,200 desktop applications.