Foxit Reader critical security flaw discovered!

A vulnerability has been discovered in the popular and widely used Foxit PDF Reader software, specifically in its browser plug-in, which is installed by default in Firefox, Chrome, Opera and Safari.

Ironically, Foxit has always billed itself as the “secure” PDF reader. The vulnerability has been detailed in a Secunia Advisory and, because of its ability to be exploited remotely to gain system access, is rated “Highly Critical”.

Apparently, the Foxit developers have identified the flaw and are currently working on a patch. In the meantime, a Foxit representative has advised all users to avoid the Foxit browser plug-in for Firefox, Chrome, Opera or Safari and suggested using Internet Explorer to view online PDF files instead.

Chaitanya Sharma, advisory team lead at Secunia, offers similar advice… “We have confirmed the vulnerability using Firefox, Opera, and Safari. At the moment the best mitigation is to disable this add-on in browsers and use other software.”

Affected versions: Latest version 5.4.4.1128 – confirmed. Older versions – suspect.

If you are a Foxit Reader user, you should disable the Foxit plug-in in all affected browsers now! Also, keep an eye out for an updated version which includes the patch, and install it as soon as it is available.

About the author
Jim Hillier
Managing Editor/Contest Coordinator of Dave's Computer Tips - Jim is the resident freeware aficionado at DCT and a computer veteran with 30 years of experience. His first computer was a TRS-80 in the 1980s. He progressed through the Commodore series of computers before moving to PCs in the 1990s. Jim currently uses both XP and Win7. Jim has a passion for free software and hopes to share that passion with others during his tenure here!
 
Comments

Jim - In Chrome browser, is Foxit the plug-in labeled as “Chrome PDF Viewer”?
The path shown is > C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll <

Many Thanks

Hi Chuck – I am not a Chrome user so I’m afraid my education there is rather limited. However, here’s how I see it:

The ‘Chrome PDF Viewer’ plug-in you refer to is actually Chrome’s own built-in viewer and, although it is built using Foxit PDF (SDK), it is not the actual Foxit plug-in. From what I could discover on the net, if this native Chrome plug-in is enabled, it overrides all others. Also, this built-in plug-in is run sandboxed by default, which would largely (if not wholly) mitigate the threat.

In a nutshell, if you are using ‘Chrome PDF Viewer’ in Chrome, you don’t have too much to worry about.

Cheers… Jim

Thanks Jim - much appreciated

Have just downloaded the latest version of Foxit Reader with the patch applied (545.1141), including the Firefox plugin ver 2.2.3.111. Let's hope that fixes things!

Thanks for the heads up Blacksmith. Nice to know the patched version is now available.

Cheers… Jim