Foxit’s PDF Reader was recently found to have two zero-day vulnerabilities, discovered by Zero Day Initiative. When exploited, they allow an attacker to execute arbitrary code and do whatever harm they want.

While both of these weaknesses were discovered over 2 months ago, Foxit decided, at the time, not to fix the discovered bugs. They instead put out a statement telling users to utilize Safe Reading Mode. The problem with this solution is that a user can be tricked into disabling these safety features, allowing hackers into their systems. This prompted the researchers to go public sooner than they planned.

Because of this public shaming, and the assumed public outcry, Foxit has reversed course and decided to release security updates to its users. While the company, in the end, did the right thing, who knows how much this bad publicity has hurt their bottom line and reputation. When it comes to cyber security, you always want to be known as the company which goes too far, not the one that doesn’t do enough.

If you’re unsure if what you offer to your clients has any security weaknesses, Optfinity can provide you with a free, no-obligation assessment to help give you peace of mind and mitigate any potential negative PR you may encounter by accidentally providing a product or service with security flaws.

