Foxit PDF Reader 2024.4 and Foxit PDF Editor 2024.4/13.1.5 updates available

Foxit PDF applications are vulnerable under macOS and Windows. Security updates fix the problems.

Vulnerabilities in Foxit PDF Editor and Foxit PDF Reader let attackers target systems on which the software is installed. For a successful attack, however, victims must open PDF files containing malicious code.

Security problems

The security section of the Foxit website states that PDF files with interactive forms based on the XML Forms Architecture (XFA) standard can be manipulated. How this works in detail is not currently known.

If attackers get victims to open such a file, the processing of the XFA elements leads to errors, and attackers can, among other things, execute their own commands on the system. The developers do not provide any CVE numbers in connection with this problem. As a result, a standardized classification of the risk is currently not possible.

Are malicious code attacks possible?

Manipulations of PDF forms with AcroForms elements are also conceivable. Opening such a file leads to memory errors and crashes. In such a case, malicious code can usually also be executed. The classification of the threat level of the vulnerabilities (CVE-2024-49576, CVE-2024-47810) is currently pending.

Furthermore, attackers can gain higher user rights and execute code with system rights. To do this, they must slip victims a specially prepared DLL file in a way that is not described in detail.

The developers say that they have prepared the following versions under macOS and Windows against the attacks described:

Foxit PDF Editor 2024.4/13.1.5, 12.1.9/11.2.12, 12.1.7/11.1.11

Foxit Reader 2024.4

All previous versions are said to be vulnerable. The applications usually search for new versions automatically. Alternatively, you can manually initiate an update under Help - About Foxit PDF Reader.
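While the updates are being rolled out, PDFs that carry the XFA or AcroForm form types described above can be flagged for closer handling. The following is an added example, not code from Foxit or from this article; the function names and the sample byte strings are constructed for illustration, and a hit only means the file contains a form, not that it is malicious.

```python
import re

# A PDF name is "/" followed by regular characters; "#xx" is a hex escape,
# so "/X#46A" is the same name as "/XFA" (PDF name syntax).
_NAME = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")
FORM_KEYS = {b"XFA", b"AcroForm"}


def decode_name(raw):
    """Resolve #xx escapes so obfuscated spellings compare equal."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def triage(pdf_bytes):
    """Classify a PDF by the form keys visible in its uncompressed bytes."""
    names = {decode_name(m.group(1)) for m in _NAME.finditer(pdf_bytes)}
    hits = sorted(n.decode("ascii") for n in names & FORM_KEYS)
    if hits:
        return "forms:" + ",".join(hits)
    # Object streams are compressed, so form keys stored inside them are
    # invisible to a byte scan; report that instead of calling the file clean.
    if b"ObjStm" in names:
        return "inconclusive"
    return "no-forms"


# Constructed fragments (not real documents), one per outcome.
SAMPLE_FORM = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog "
               b"/AcroForm << /X#46A 2 0 R /Fields [] >> >>\nendobj\n")
SAMPLE_OBJSTM = (b"%PDF-1.5\n5 0 obj\n<< /Type /ObjStm /N 3 /First 20 "
                 b"/Filter /FlateDecode >>\nstream\n(omitted)\nendstream\n")
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    for label, data in (("form", SAMPLE_FORM), ("objstm", SAMPLE_OBJSTM),
                        ("plain", SAMPLE_PLAIN)):
        print(label, "->", triage(data))
```

Files reported as "inconclusive" need a full PDF parser that decompresses object streams before they can be ruled out.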
