Foxit has released version 12.1.1 of Foxit PDF Editor and Foxit PDF Reader

The new Foxit PDF updates patch high-risk vulnerabilities. There were security vulnerabilities in the Foxit PDF software, which attackers could have used to inject and execute malicious code with manipulated PDF files.

Foxit has now released version 12.1.1 of Foxit PDF Editor and Foxit PDF Reader, fixing several security vulnerabilities. Three of them are considered high-risk.

The three vulnerabilities classified as high risk might be use-after-free vulnerabilities. These can cause the application to crash and further the execution of injected code. It does this by using objects or pointers that were released when certain Java Scripts were executed in PDF files, as Foxit explains in the according security bulletin.

Another vulnerability could lead to unwanted information leakage when banner ads are clicked in Foxit PDF Reader due to insufficient encryption. However, the company does not provide a specific risk assessment.

The security related bugs affect Foxit PDF Reader for Windows 12.1.0.15250 and older versions and Foxit PDF Editor for Windows 12.1.0.15250, 11.2.4.53774 and 10.1.10.37854 and previous versions respectively.

The update to version 12.1.1 can be initiated in the program by clicking on Help and then About Foxit PDF Reader or About Foxit PDF Editor and there Check for updates. Alternatively, Foxit PDF Editor 12.1.1 and Foxit PDF Reader 12.1.1 are available for download from their respective download pages.

Recently, Foxit released security updates in PDF Editor and PDF Reader for Mac and Windows in November 2022. The manufacturer closed vulnerabilities that attackers could have used to inject and execute malicious code.