Cybersecurity and cyberattacks have become prominent topics lately. No matter how much you secure your network, vulnerabilities continue to emerge for different operating systems and applications. Most recently, security professionals have discovered two critical vulnerabilities in a third-party PDF reading application called Foxit Reader. These vulnerabilities allow hackers to execute arbitrarily defined code on users‘ computers when Foxit Reader is used without Safe Reading Mode enabled.
Two critical zero–day vulnerabilities
On Aug. 17, researchers Steven Seeley and Ariele Caltabiano discovered two vulnerabilities in Foxit Reader:
1. CVE-2017-10951 acts as a command injection bug that resides in the app.launchURL function and executes strings provided by hackers. This vulnerability is mainly due to improper validation.
2. CVE-2017-10952 exists in the saveAs function and allows hackers to execute an arbitrarily specified file on users’ computers. If the arbitrary file is modified, then hackers can modify anything on the end user’s computer. Steven Seeley has tested a proof of concept and published it on Zero Day Initiative.
How can you keep Foxit Reader safe?
- Take precautions: Avoid downloading attachments from email addresses you don’t know. Opening a PDF from a nefarious sender could compromise your entire system.
- Manually change settings: Whether you’re using Foxit Reader or Foxit PhantomPDF, go to the settings menu to enable Safe Reading Mode and uncheck Enable JavaScript Actions.
- Employ automatic patch management: Doing all the groundwork manually is tiresome and complicated, especially since the number of vulnerabilities per application continually increases. Regularly updating your network is one of the best ways to remain free from zero-day vulnerabilities. Stay vigilant by employing patch management software like Desktop Central, which manages and deploys patches automatically.
How can ManageEngine help?
ManageEngine offers two types of support for these Foxit Reader vulnerabilities:
1. Patch deployment
Desktop Central can patch Windows, macOS, Linux, and over 250 third-party applications, all from a central location. We have released an update specifically for Foxit products to automatically enable Safe Reading Mode in Foxit PDF applications.
2. Registry configuration
With Desktop Central, you can deploy specific registry configurations, including the Foxit-specific keys below, to managed computers.
Key for enabling Safe Reading Mode:
HKEY_CURRENT_USER\Software\Foxit Software\Foxit Reader 8.0\Preferences\TrustManager
bSafeMode=1 (Enable Safe Reading Mode)
bSafeMode=0 (Disable Safe Reading Mode)
Key for unchecking Enable JavaScript Actions:
HKEY_CURRENT_USER\Software\Foxit Software\Foxit Reader 8.0\Preferences\Others
bEnableJS=1 (Enable JavaScript Actions)
bEnableJS=0 (Disable JavaScript Actions)
Start using Desktop Central today to evade vulnerabilities and breaches happening across any third–party application.
