Foxit PDF Editor/Reader Vulnerabilities Let Attackers Execute Remote Code


Foxit Software has released updates for its widely used Foxit PDF Reader and Foxit PDF Editor, addressing critical security vulnerabilities that could allow attackers to execute remote code.

The updates, version 2024.4 for both products, were made available on December 17, 2024, and are strongly recommended for all users.

Security researchers have identified several vulnerabilities, including CVE-2024-49576 and CVE-2024-47810, which can be exploited through maliciously crafted PDF files.

An attacker could trick a user into opening a specially designed PDF, or into visiting a malicious website while the Foxit browser extension is enabled, leading to memory corruption and arbitrary code execution.

These issues stem from improper handling of objects such as AcroForms, checkbox elements, and 3D page objects in PDF files.

Sometimes, merely visiting a compromised website with Foxit’s browser plugin enabled could trigger the attack without user interaction.


The vulnerabilities affect the following versions of Foxit products on Windows:

  • Foxit PDF Reader: Version 2024.3.0.26795 and earlier.
  • Foxit PDF Editor: Versions 2024.3.0.26795 and all previous 2024.x versions, 2023.x versions (up to 2023.3.0.23028), 13.x versions (up to 13.1.4.23147), 12.x versions (up to 12.1.8.15703), and 11.x versions (up to 11.2.11.54113)[3][9].
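As an added defender-side check (not code from Foxit or from this article), the following PowerShell inventory reads the standard Windows Uninstall registry hives and compares any installed Foxit PDF Reader/Editor build against the affected ranges listed above. The DisplayName pattern 'Foxit PDF*' is an assumption; adjust it if your installs register under a different name.

```powershell
# Added example: flag installed Foxit PDF Reader/Editor builds that fall inside the
# affected version ranges given in the advisory. Reads only the standard Windows
# Uninstall registry hives; the 'Foxit PDF*' DisplayName match is an assumption.

# Highest vulnerable build per branch, taken from the advisory text above.
$AffectedMax = @{
    '2024' = [version]'2024.3.0.26795'   # Reader and Editor 2024.x
    '2023' = [version]'2023.3.0.23028'   # Editor 2023.x
    '13'   = [version]'13.1.4.23147'     # Editor 13.x
    '12'   = [version]'12.1.8.15703'     # Editor 12.x
    '11'   = [version]'11.2.11.54113'    # Editor 11.x
}

function Test-FoxitAffected {
    param([Parameter(Mandatory)][version]$Version)
    $branch = [string]$Version.Major
    if (-not $AffectedMax.ContainsKey($branch)) {
        # Branch not covered by the advisory (older or newer): leave for manual review
        return 'unknown'
    }
    if ($Version -le $AffectedMax[$branch]) { return 'affected' } else { return 'patched' }
}

# Standard per-machine (64-bit and 32-bit views) and per-user uninstall hives.
$UninstallPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

Get-ItemProperty -Path $UninstallPaths -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Foxit PDF*' } |
    ForEach-Object {
        $v = $null
        # DisplayVersion is a string; TryParse avoids throwing on unexpected formats
        $parsed = [version]::TryParse([string]$_.DisplayVersion, [ref]$v)
        [pscustomobject]@{
            Product = $_.DisplayName
            Version = $_.DisplayVersion
            Status  = if ($parsed) { Test-FoxitAffected -Version $v } else { 'unparsed' }
        }
    } | Format-Table -AutoSize
```

Any row reporting 'affected' should be updated to 2024.4 (or 13.1.5 for the 13.x Editor branch) as described below; 'unknown' rows need a manual look because the advisory does not list that branch.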

The vulnerabilities pose significant risks, particularly if left unpatched:

  • Remote Code Execution: Attackers can execute arbitrary code by exploiting memory corruption.
  • Phishing Attacks: Users may be tricked into opening malicious PDFs via phishing emails or links.
  • Browser Plugin Risks: If the Foxit browser plugin is active, visiting a malicious website could launch an attack automatically.

Foxit has urged users to update their software immediately to mitigate these risks. The latest versions—Foxit PDF Reader 2024.4 and Foxit PDF Editor 2024.4/13.1.5—include fixes for these vulnerabilities and other stability improvements.

In addition to the remote code execution vulnerabilities, the updates address other security issues, including a privilege escalation flaw that could allow attackers to execute arbitrary code with SYSTEM privileges by exploiting weaknesses in the update process or plugin installation mechanism.

Updating Foxit PDF Reader/Editor

  1. Open the application, navigate to Help > About Foxit PDF Reader or About Foxit PDF Editor, and select Check for Update.
  2. Alternatively, download the updated versions directly from Foxit’s official website.

The vulnerabilities were identified as use-after-free issues caused by improper validation of pointers during object handling in PDFs, such as checkbox elements or AcroForms.

These flaws allowed attackers to exploit wild or null pointers, leading to crashes or unauthorized code execution. These updates are critical for maintaining cybersecurity hygiene due to the widespread use of Foxit’s PDF tools across industries.

Users are advised to install the updates promptly and enable security features like “Safe Reading Mode” to reduce risks from potentially harmful documents.
