Foxit PDF Reader users need to use Safe Mode as 0-day vulnerabilities don't get fixed

Posted on Monday, August 21 2017 @ 13:23 CEST by Thomas De Maesschalck
One of the more popular alternatives to Adobe's Reader is the PDF Reader tool from Foxit. Unfortunately, it seems the latter suffers from two zero-day vulnerabilities that won't be fixed by the vendor. The Register reports Foxit tells its millions of users that documents are opened in Safe Reading Mode by default and that this is safe enough to prevent potential vulnerabilities from unauthorized JavaScript actions.
The Zero Day Initiative (ZDI) has gone public with a Foxit PDF Reader vulnerability without a fix, because the vendor resisted patching.

The ZDI made the decision last week that the two vulns, CVE-2017-10951 and CVE-2017-10952, warranted release so at least some of Foxit's 400 million users could protect themselves.

In both cases, the only chance at mitigation is to use the software's "Secure Mode" when opening files, something that users might skip in normal circumstances.


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments