Foxit has patched Vulnerability-related.PatchVulnerability more than 118 vulnerabilities in its PDF reader , some of which could be exploited Vulnerability-related.DiscoverVulnerability to enable full remote code execution . Patches were released Vulnerability-related.PatchVulnerability last week for Foxit Reader 9.3 and Foxit PhantomPDF 9.3 to address Vulnerability-related.PatchVulnerability a huge number of issues in the programs . This security bulletin released by Foxit provides details on the extensive list of vulnerabilities , which were discovered Vulnerability-related.DiscoverVulnerability via internal research , end user reports , and reports from research teams . More than 118 issues were addressed Vulnerability-related.PatchVulnerability , though there was some overlap , and so the number of actual bugs was lower . Vulnerable versions are 9.2.0.9297 and earlier , and only affect Vulnerability-related.DiscoverVulnerability Windows users . A significant number of flaws were classed as ‘ critical ’ and could allow for remote code execution – 18 were reported Vulnerability-related.DiscoverVulnerability by Cisco Talos , all of which were dubbed high in severity . Several were use-after-free flaws , which allows memory to be accessed after it has been freed and can enable hackers to execute arbitrary code and take over the system . Cisco Talos wrote in a report : “ There are a couple of different ways an adversary could leverage this attack including tricking a user to opening a specially crafted , malicious PDF or , if the browser plugin is enabled , the user could trigger the exploit by viewing the document in a web browser. ” Foxit told The Daily Swig that its programs were embedded with security features designed to protect its users from malicious actors . These include a ‘ Safe Mode ’ , which “ prevents suspicious external commands to be executed by Foxit Reader ” , and the option to disable JavaScript . The company also urged its users to update to the latest version . A spokesperson told The Daily Swig : “ Overall , Foxit Reader has had over 525 million downloads , but obviously they are not all active users on the latest release . “ In Foxit Reader , we have a Safe Mode which prevents suspicious external commands to be executed by Foxit Reader . Therefore , we don ’ t know how many folks are running without Safe Mode enabled. ” However , this security feature was bypassed not just once , but twice , by researchers last year . Foxit added : “ For a number of reasons , including bug fixes Vulnerability-related.PatchVulnerability , we always advise users to download and install the latest release . Also , run the product in Safe Mode whenever possible . ”

On Friday , a cache of hacking tools allegedly developed by the US National Security Agency was dumped online . The news was explosive in the digital security community because the tools contained methods to hack computers running Windows , meaning millions of machines could be at risk . Security experts who tested the tools , leaked by a group called the Shadow Brokers , found that they worked . They were panicked : This is really bad , in about an hour or so any attacker can download simple toolkit to hack into Microsoft based computers around the globe . — Hacker Fantastic ( @ hackerfantastic ) April 14 , 2017 But just hours later , Microsoft announced that many of the vulnerabilities were addressed Vulnerability-related.PatchVulnerability in a security update released Vulnerability-related.PatchVulnerability a month ago . “ Today , Microsoft triaged a large release of exploits made publicly available by Shadow Brokers , ” Philip Misner , a Microsoft executive in charge of security wrote in a blog post . “ Our engineers have investigated the disclosed exploits , and most of the exploits are already patched Vulnerability-related.PatchVulnerability . ” Misner ’ s post showed that three of nine vulnerabilities from the leak were fixed Vulnerability-related.PatchVulnerability in a March 14 security update . As Ars Technica pointed out , when security holes are discovered Vulnerability-related.DiscoverVulnerability , the individual or organization that found Vulnerability-related.DiscoverVulnerability them is usually credited in the notes explaining the update . No such acknowledgment was found in the March 14 update . Here ’ s a list of acknowledgments for 2017 , showing credit for finding security problems in almost every update . One theory among security practitioners is that the NSA itself reported Vulnerability-related.DiscoverVulnerability the vulnerabilities to Microsoft , knowing that the tools would be dumped publicly . Microsoft told ZDNet that it might not list individuals who discover Vulnerability-related.DiscoverVulnerability flaws for a number of reasons , including by request from the discoverer . The US government has not commented on this leak , though previous leaks by the Shadow Brokers claiming to be NSA hacking tools were confirmed at least in part by affected vendors and NSA whistleblower Edward Snowden .

As part of Unit 42 ’ s ongoing threat research , we can now disclose Vulnerability-related.DiscoverVulnerability that Palo Alto Networks Unit 42 researchers have discovered Vulnerability-related.DiscoverVulnerability two code execution vulnerabilities affecting Vulnerability-related.DiscoverVulnerability Microsoft Office that were addressed Vulnerability-related.PatchVulnerability in Microsoft ’ s May 2017 monthly security update release : For current customers with a Threat Prevention subscription , Palo Alto Networks has also released Vulnerability-related.PatchVulnerability IPS signatures providing proactive protection from these vulnerabilities . Traps , Palo Alto Networks advanced endpoint solution , can block memory corruption based exploits of this nature . Palo Alto Networks is a regular contributor to vulnerability research in Microsoft , Adobe , Apple , Google Android and other ecosystems . By proactively identifying Vulnerability-related.DiscoverVulnerability these vulnerabilities , developing protections for our customers , and sharing the information with the security community , we are removing weapons used by attackers to threaten users , and compromise enterprise , government , and service provider networks .

As part of Unit 42 ’ s ongoing threat research , we can now disclose that Palo Alto Networks Unit 42 researchers have discovered Vulnerability-related.DiscoverVulnerability two code execution vulnerabilities affecting Vulnerability-related.DiscoverVulnerability Adobe Flash ( APSB17-04 ) that were addressed Vulnerability-related.PatchVulnerability in Adobe ’ s monthly security update release Vulnerability-related.PatchVulnerability : For current customers with a Threat Prevention subscription , Palo Alto Networks has also released IPS signatures providing proactive protection from these vulnerabilities . Traps , Palo Alto Networks advanced endpoint solution , can block memory corruption based exploits of this nature . Palo Alto Networks is a regular contributor to vulnerability research in Microsoft , Adobe , Apple , Google Android and other ecosystems . By proactively identifying these vulnerabilities , developing protections for our customers , and sharing the information with the security community , we are removing weapons used by attackers to threaten users , and compromise enterprise , government , and service provider networks