The US Cybersecurity & Infrastructure Security Agency (CISA) is recommending that all users of Foxit's PhantomPDF reader update their software immediately following the disclosure of four serious vulnerabilities.
In its latest vulnerability summary, the agency warned users of several high, medium and low severity vulnerabilities across a range of popular software products, PhantomPDF among them.
PhantomPDF by Foxit is a popular PDF editor that allows users to create and edit PDFs, export PDFs, convert paper documents into PDFs and collaborate with others. One of the biggest selling points of the company's PDF editor is that it can be purchased as a standalone product as the company has eschewed the SaaS model popularized by Adobe and Microsoft.
Foxit's PDF software contains four high severity vulnerabilities, each with a CVSS rating of 7.5. Two are use-after-free bugs, another is an out-of-bounds write and the last is a write access violation.
Use-after-free vulnerabilities occur when an application keeps reading memory it has already released and that the system has since reallocated to another program or operation. In theory, an attacker could exploit one of these vulnerabilities to place malicious code in that memory area, where the application would then read and execute it.
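To make the mechanism above concrete, here is an added illustration written for this article; it is not Foxit's code and models no real PhantomPDF bug. A deterministic slot allocator (an assumed stand-in for the real heap) shows a freed object's slot being reused for untrusted input and then read through the stale pointer, next to a hardened version that nulls the handle on release and checks it before use.

```c
/* Constructed example: a tiny fixed-slot allocator so the freed-and-reused
 * behaviour is deterministic rather than undefined, as it would be with malloc. */
#include <stdio.h>
#include <string.h>

#define SLOTS 4
#define SLOT_SIZE 32

static char arena[SLOTS][SLOT_SIZE];
static int in_use[SLOTS];

/* Hand out the first free slot; freed slots are reused first, like a freelist. */
static char *slot_alloc(void) {
    for (int i = 0; i < SLOTS; i++)
        if (!in_use[i]) { in_use[i] = 1; memset(arena[i], 0, SLOT_SIZE); return arena[i]; }
    return NULL;
}

static void slot_free(char *p) {
    for (int i = 0; i < SLOTS; i++)
        if (arena[i] == p) in_use[i] = 0;
}

/* Vulnerable pattern: a "page" object is freed, its slot is reused for
 * unrelated untrusted input, and the old pointer is read again.
 * Returns whatever the dangling pointer now sees. */
const char *vulnerable_flow(const char *untrusted_input) {
    char *page = slot_alloc();
    strcpy(page, "page-title");
    slot_free(page);                          /* object released ...            */
    char *buf = slot_alloc();                 /* ... same slot given to new data */
    strncpy(buf, untrusted_input, SLOT_SIZE - 1);
    return page;                              /* stale read: untrusted_input    */
}

/* Hardened pattern: release through a pointer-to-pointer, clear the handle,
 * and refuse to use a cleared handle. */
static void slot_release(char **pp) { slot_free(*pp); *pp = NULL; }

const char *hardened_flow(const char *untrusted_input) {
    char *page = slot_alloc();
    strcpy(page, "page-title");
    slot_release(&page);
    char *buf = slot_alloc();
    strncpy(buf, untrusted_input, SLOT_SIZE - 1);
    return page ? page : "(use of freed page rejected)";
}

int main(void) {
    printf("vulnerable: %s\n", vulnerable_flow("INJECTED"));
    printf("hardened:   %s\n", hardened_flow("INJECTED"));
    return 0;
}
```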
Thankfully though, Foxit has addressed all four vulnerabilities in PhantomPDF with the release of version 10.1 of its software. Windows and Mac users running an older version of the software should visit Foxit's website to download and install the latest version to avoid falling victim to any potential attacks.
Cybercriminals often prey on users who have yet to update their software, which is why you should install the latest updates as soon as they become available, even if an application already works as intended.
Via The Register