more than 118 vulnerabilities in its PDF reader, some of which could be exploited to enable full remote code execution. Patches were released last week for Foxit Reader 9.3 and Foxit PhantomPDF 9.3 to address a huge number of issues in the programs. This security bulletin released by Foxit provides details on the extensive list of vulnerabilities, which were discovered via internal research, end user reports, and reports from research teams. More than 118 issues were addressed, though there was some overlap, and so the number of actual bugs was lower. Vulnerable versions are 9.2.0.9297 and earlier, and only affect Windows users. A significant number of flaws were classed as ‘critical’ and could allow for remote code execution – 18 were reported by Cisco Talos, all of which were dubbed high in severity. Several were use-after-free flaws, which allow memory to be accessed after it has been freed and can enable hackers to execute arbitrary code and take over the system. Cisco Talos wrote in a report: “There are a couple of different ways an adversary could leverage this attack including tricking a user to opening a specially crafted, malicious PDF or, if the browser plugin is enabled, the user could trigger the exploit by viewing the document in a web browser.” Foxit told The Daily Swig that its programs were embedded with security features designed to protect its users from malicious actors. These include a ‘Safe Mode’, which “prevents suspicious external commands to be executed by Foxit Reader”, and the option to disable JavaScript. The company also urged its users to update to the latest version.
A spokesperson told The Daily Swig: “Overall, Foxit Reader has had over 525 million downloads, but obviously they are not all active users on the latest release. “In Foxit Reader, we have a Safe Mode which prevents suspicious external commands to be executed by Foxit Reader. Therefore, we don’t know how many folks are running without Safe Mode enabled.” However, this security feature was bypassed not just once, but twice, by researchers last year. Foxit added: “For a number of reasons, including bug fixes, we always advise users to download and install the latest release. Also, run the product in Safe Mode whenever possible.”
The world governing body of track and field says it has become the victim of a cyberattack by a Russian hacking group linked to other incidents, including the hacking of the World Anti-Doping Agency and the U.S. Democratic Party. In an April 3 statement, the International Association of Athletics Federations (IAAF) attributed the attack to the Fancy Bear group. It said it believed the attack "has compromised athletes' Therapeutic Use Exemption (TUE) applications stored on IAAF servers" during an unauthorized remote access to its network on February 21. Fancy Bear began posting medical records of Olympians online last year, with U.S. and British athletes making up a large proportion of those targeted. Only selected records were released. The IAAF said it contacted Context Information Security, a British security company, in January to undertake a technical investigation of its systems. The company says that investigation "led to the discovery of a sophisticated intrusion." IAAF President Sebastian Coe said his organization will continue to do all it can "to remedy the situation and work with the world's best organizations to create as safe an environment as we can." Fancy Bear gained widespread notoriety last year when cyber-researchers identified it and another group -- and they appeared to be linked to Russian intelligence services. They were also said to be behind the hack of the U.S. Democratic Party's computer systems.