Hot on HuffPost Tech:

See More Stories
Free Switched iPhone app - try it now!
AOL Tech

Using FoxIt because you think it's safer than Adobe Reader? Think again.


Whenever we run a post about yet another security hole in Adobe Reader, commenters chime in with their support for Foxit's free alternative. If you've been singing its praises for security reasons, think again says security pro Didier Stevens.

Foxit, it turns out, has a rather major flaw right now. An attacker can piggyback and launch an executable within a PDF which Foxit will then run without any requesting confirmation from the user. Adobe Reader, on the other hand, throws up an alert window to ask whether the file should be allowed to run. "In this case, Foxit Reader is probably worse than Adobe Reader, because no warning gets displayed to prevent the launch action," says Stevens.

My desktop PDF viewer of choice -- Sumatra -- isn't affected by the exploit, nor is PDF-XChange and you can always play it safe by using the Google Docs web viewer.

And no, Stevens' exploit doesn't work on Linux or Mac. One crucial detail several commenters on his post seem to have missed is that he's calling cmd.exe, a file which you're not usually going to find on a non-Windows box...

[via Sunbelt]

Tags: exploit, foxit, pdf, security

Comments

13