Security News > 2020 > October > For Foxit's sake: Windows and Mac users alike urged to patch PhantomPDF over use-after-free vulns
Windows and Mac users running Foxit's popular PhantomPDF reader should update their installations to the latest version after the US CISA cybersecurity agency warned of a handful of high-severity product vulnerabilities.
Foxit has published updates for its software in both Windows and Apple Mac formats.
Those readers running versions prior to 10.1 for Windows and version 4.1 for Mac ought to download and install them from Foxit's website.
Under CVSS v3, the vulns were scored as 9.8, a critical score, though it is important to note that CVSS scores are generally a guide to the worst-case-scenario impact of a vuln if it is misused.
Use-after-free vulns are where an application re-reads memory that has been reallocated by the host system to something else; a suitably prepared malicious person can insert code into the right memory area which could, in theory, be read by the application and executed.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/10/13/foxit_phantompdf_vulns_update/