For Foxit's sake: Windows and Mac users alike urged to patch PhantomPDF over use-after-free vulns
Windows and Mac users running Foxit's popular PhantomPDF reader should update their installations to the latest version after the US CISA cybersecurity agency warned of a handful of high-severity product vulnerabilities.
Foxit has published updates for its software in both Windows and Apple Mac formats.
Readers running versions prior to 10.1 for Windows or 4.1 for Mac ought to download and install the updates from Foxit's website.
Under CVSS v3, the vulns were scored as 9.8, a critical score, though it is important to note that CVSS scores are generally a guide to the worst-case-scenario impact of a vuln if it is misused.
Use-after-free vulns occur when an application re-reads memory that has since been reallocated by the host system to something else; a suitably prepared malicious person can insert code into the right memory area, which could, in theory, be read by the application and executed.