Even so, last week a Belgian researcher released proof-of-concept attack code that doesn't rely on JavaScript and can trigger the bug without requiring the user to actually open a malformed PDF.Īdobe plans to patch Version 9 of Reader and Acrobat March 11, and Versions 7 and 8 of the applications on March 18. The Foxit PDF Sign Bundle is available for a subscription of 149/year. Also a one time purchase, Foxit PDF Editor Pro (Windows only) is available for 179. For its part, Adobe has recommended that users disable JavaScript capabilities in Reader and Acrobat until a patch is available. At a one time purchase, Foxit’s PDF plans for both Windows and Mac are available for 159, or 49.99 per year for a Cloud hosted version. Ironically, some experts have urged users to discard Adobe Reader for Foxit or other free PDF-viewing applications. One of the vulnerabilities can trigger a buffer overflow, while the other could be used by attackers to circumvent security warnings.įoxit has posted patched versions of Foxit 3.0 and Foxit 2.3 on its Web site. 18 by Core Security Technologies, a developer of penetration testing software. The remaining two bugs in Foxit were reported Feb. Kristensen declined to offer more information on the Foxit flaw, or the path that Secunia researchers took in finding it. If you are using Foxit Reader and remove pages on your PDF, follow the steps. Secunia reported the bug to Foxit on Feb. Foxit Reader helps you simplify your day to day PDF activities and modification. ![]() Foxit Reader comes equipped with comprehensive protection against security vulnerabilities. Foxit Reader is the only high volume PDF reader providing a complete PDF creation solution, providing the power of PDF creation to every desktop. ![]() "We did, however, start the research in Foxit out of curiosity based on the Adobe vulnerability, and discovered this new vulnerability," Kristensen said. Foxit Reader is a feature rich PDF viewer which allows you to open, view, sign, and print any PDF file. It was Adobe's confirmation of its bug that prompted Secunia researchers to dig into other PDF viewers. "It is a completely different vulnerability related to JBIG2," Kristensen said in an e-mail today. The Foxit and Adobe bugs are unrelated, however, except for the fact that they are both in the code that parses JBIG2 images, said Thomas Kristensen, chief technology officer at Secunia, the Danish company that reported the flaw to Foxit.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |