Security Alerts & News
by Tymoteusz A. Góral

#1048 Foxit patches 12 vulnerabilities in PDF reader
Foxit patched a dozen vulnerabilities in its PDF reader software this week, more than half of which could allow an attacker to directly execute arbitrary code on vulnerable installations of the product.

The company released version 8.0 of its Foxit Reader and Foxit PhantomPDF on Monday, addressing vulnerabilities in builds and earlier of the product. Details around the issues weren’t publicly disclosed until two days later, on Wednesday, in coordination with the Zero Day Initiative. Like most PDF vulnerabilities, user interaction is required

Like most PDF vulnerabilities, user interaction is required to exploit any of the vulnerabilities, meaning an attacker would have to trick a user into either visiting a malicious page or opening a malicious PDF file. While eight of the vulnerabilities can directly result in remote code execution, technically all of the vulnerabilities could be used to execute code; some just need to be chained together with other vulnerabilities to do so.
Read more
#1048 Foxit patches 12 vulnerabilities in PDF reader
#1047 YSTS X: The highlights of the COOLEST security conference in Brazil
#1046 Android Trojan malware makes hackers $500,000
#1045 Facebook malware: tag me if you can
#1044 Ransomware attacks may trigger breach notifications
#1043 OWASP Application Security Verification Standard 3.0.1 (PDF)
#1042 Dangerous keyboard app has more than 50 million downloads
#1041 Thirty percent of Android devices susceptible to 24 critical vulnerabilities
#1040 KSN Report: Mobile ransomware in 2014-2016
#1039 A massive financial crime and terrorism database has leaked
#1038 WiFi wave2 gets multi-gigabit, multi-user boost with upgrades to 802.11ac
#1037 Google's 'FASTER' 9000km, 60Tbps transpacific fiber optics cable completed
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12