back to article For Foxit's sake: Windows and Mac users alike urged to patch PhantomPDF over use-after-free vulns

Windows and Mac users running Foxit's popular PhantomPDF reader should update their installations to the latest version after the US CISA cybersecurity agency warned of a handful of high-severity product vulnerabilities. In its latest regular threat report, CISA counted four CVSS v2 7.5-level vulns affecting PhantomPDF. The …

  1. Hubert Cumberdale Silver badge

    "The software suite is widely used for manipulating PDFs, particularly by people whom, for whatever reason, eschew Adobe's products and pricing model."

    Quite. Ignoring the unfortnate grammar flub, I really won't go near Acrobat these days due to epic bloat. I'll often let Firefox show me PDFs, but otherwise I use PDF-XChange Viewer* (because it's mildly less PLEASE PAY FOR ME than Foxit).

    * Edit: Just seen that "PDF-XChange Viewer has been discontinued and replaced by PDF-XChange Editor - which is now available and includes all the features of the Viewer and much, much more..." Well, shit. So much for no bloat.

    1. The Oncoming Scorn Silver badge
      Pint

      Given the number of PDF forms that are directly or indirectly fill-able. I have simply used Print to PDF for my needs.

      1. Roland6 Silver badge

        >I have simply used Print to PDF for my needs.

        Much depends on where you "print to PDF", eg. print to PDF using the Chrome option generates a different file to if you print using the Windows print service and use say the FoxIT PDF print driver to print to PDF.

        There are times, for example when printing webpages that it is useful to use a Print-to-PDF function that retains the text and so you can subsequently cut-and-paste extracts.

    2. amanfromMars 1 Silver badge

      Not so much unfortunate as comic:-)

      Was that an intentional spelling flub, HC?

      1. Hubert Cumberdale Silver badge

        Re: Not so much unfortunate as comic:-)

        I'm gonna lie and say yes.

    3. Potemkine! Silver badge

      For most of PDF I use SumatraPDF. does the job and nothing more, so not vulnerability free, but quite.

      Can be download via ninite (ninite rulz!)

      1. JCitizen Bronze badge
        Go

        @Potemkine

        Well, you can't do anything fancy with it, but yeah, if that is all you need why suffer? I quit Foxit years ago, because it got as bad about updating as Adobe.

        So far I haven't found anything I can't do by using SumutraPDF, including re-writable documents, so I really wonder why use anything else; If I need to modify graphics in PDFs, I just whip out the LibreOffice, and save it as such. But never mind me, I'm no coding guru; far from it; but I did a lot of warfare with malware in my day, and never got my honey pot pwned because I had SumutraPDF on board.

  2. Sleep deprived

    The reason to run Foxit is long gone

    I used to run Foxit as a simple reader for local PDF files, but it kept growing into a connected PDF browser, so much that I'd avoid updates to keep it small and simple (and not connected). Now that I use Acrobat DC for commenting PDF files, I'm almost perfectly happy with it, let alone for some UI glitches, and didn't even bother installing Foxit when switching to a new laptop.

    1. Schultz Silver badge

      Re: The reason to run Foxit is long gone

      I switched years ago to Sumatra PDF, for bloatless reading. Simple tools for simple tasks.

    2. MacroRodent Silver badge

      Re: The reason to run Foxit is long gone

      But it is still a lot less bloated than the Adobe reader, which I threw away in disgust some time ago from the one Windows 7 machine I still have.

  3. LenG

    Foxit reader

    I still use Foxit reader. I don't have any of the phantomPDF suite although if I open the reader from the start menu/icon it does remind me that I can have a 14 free trial. In the simpler case of clicking on a .pdf it still just runs as a standalone reader. There is a security update available for this also so I assume it is simply the reader module from PhantomPDF in standalone guise.

    1. AMBxx Silver badge

      Re: Foxit reader

      The nagging and the adverts can easily be turned off in preferences.

  4. Pangasinan Philippines

    Foxit Free Fail

    The option to acquire with scanner disappeared after an update.

    i.e. required update to paid version.

    The answer is to revert to previous version and never check for updates

    Just Saying

  5. Blackjack Silver badge

    Sumatra PDF

    Sumatra PDF is a very good option if you just want to replace Foxit Reader.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020