Foxit PDF Reader 11.2.1 and Foxit PDF Editor 11.2.1 available

The security updates fix vulnerabilities that attackers could use.

The new versions of Foxit PDF software fix vulnerabilities that attackers could use to inject malicious code onto their victims' systems with manipulated files. With specially crafted PDF files, delivered for example via websites or as email attachments, attackers could inject arbitrary code that runs when the files are opened in Foxit PDF software. The manufacturer fixes these vulnerabilities in the updated versions.

The vulnerabilities affect Foxit PDF Reader and Foxit PDF Editor for Windows in versions prior to the current 11.2.1. The Mac applications prior to 11.1.1 also contain a vulnerability that attackers could exploit to inject malware. Vulnerabilities in PDF software are insidious: since PDF files are generally considered harmless, they are filtered out less often as email attachments and therefore potentially pose a greater risk than, for example, manipulated Office files.

Numerous vulnerabilities

One vulnerability is a use-after-free in the processing of embedded annotation or document objects in a PDF file, which could lead to the execution of smuggled code (CVE-2021-40420). Manipulated JPEG2000 or JP2 files can also lead to the execution of malicious code during processing.

Other vulnerabilities only come into play when users make changes to documents, for example when converting them to Office documents or removing pages from documents with JavaScript API functions. For example, a vulnerability in Foxit PDF for Mac can allow malicious code to run because a page item is not deleted in time when the user removes a page.

Users and administrators should install the updates quickly.

Read more about the security issues in the security bulletin.

To update your Foxit applications, open the Help tab of Foxit Reader or Foxit PhantomPDF, click Check for Updates, and update to the latest version.
