Foxit Reader, created by Foxit Software, has revealed the security update regarding a severe “Remote Code Execution” vulnerability. It affects the PDF reader and runs the malicious code on Windows systems, taking complete control. The brand has over 650 million users across 200 countries, and the software is being used by at least 100,000 clients. Its extensive enterprise list includes companies like Google, Lenovo, NASDAQ, Intel, Chevron, Dell, HP, British Airways, and Asus.
Know about the ‘Use After Free’ bug
Aleksandar Nikolic first detected a “Use After Free” bug (CVE-2021-21822) in the engine of V8 JavaScript. Foxit Reader uses it in displaying the interactive elements of the documents and dynamic forms. If the bug gets exploited successfully, it can give rise to unexpected things like data corruption, crashing of programs, arbitrary execution of codes, etc.
The flaw has some annotation types through which criminals can craft malicious PDFs. It permits running the arbitrary code using memory control. To enable, the attacker will trigger the user to open the file, following which it will get enabled. It results in impacting Foxit Reader 10.1.3.37598, etc., which was addressed after releasing Foxit Reader 10.1.4.37651. However, download the newest Foxit Reader version to fight against CVE-2021-21822.
Foxit Reader 10.1.4.37651: Fixing other vulnerabilities
Several other bugs are there, resulting in the disclosure of essential details, DLL hijacking, SQL injection, remote code execution, etc. All these bugs got fixed with the launch of 10.1.4 Foxit Reader.
- Problems appear while exporting some PDFs to other formats where the application gets unmask to Memory Corruption vulnerabilities.
- Issues as the application are being uncovered to “Arbitrary File Deletion” vulnerability because of improper access control.
- When the applications get exposed to Null Pointer Reference, Denial of Service, Out-of-Bounds Read, Type Confusion, Context Level Bypass, Buffer Overflow vulnerability gives a chance to execute more codes to issues.
- Problems can appear with the application being revealed to DLL Hijacking vulnerability after it was introduced. It exploited cybercriminals by executing a remote code.
Opt for a VPN
You must have heard about VPN as it is one of the suitable ways to stop hackers from attacking your system. Mejoresvpn is a suitable connection you can have to safeguard your credential data. It encrypts all your data being shared over the internet and offers high security. As a result, you can feel relaxed and not lose your mind over crucial data being hacked.