FoxIt Software, makers of the popular free alternative PDF reader, FoxIt Reader, announced patches for three public vulnerabilities that were discovered in the past few weeks. With all the press attention focused on Adobe's Acrobat PDF reader, it may have gone somewhat overlooked that FoxIt Reader also had some weaknesses. In this case, FoxIt has managed to get the jump on Adobe as well, releasing their patches first.
FoxIt Software has provided the free, lightweight alternative PDF reader application since 2001. They have made a name for themselves by providing a product that is not only fully compatible with the Acrobat PDF format, but also with a small disk and memory footprint while doing so. They have carried this philosophy over to their mobile offerings as well, providing complete PDF viewers for Windows Mobile and other embedded operating systems.
Their premier product has had its own share of exploits over the years, which are not necessarily the same as the vulnerabilities that Adobe's Acrobat Reader has faced. Computerworld Magazine's security blog reports that the current FoxIt Reader vulnerabilities are different here:
The Foxit and Adobe bugs are unrelated, however, except for the fact that they are both in the code that parses JBIG2 images, said Thomas Kristensen, chief technology officer at Secunia, the Danish company that reported the flaw to Foxit. "It is a completely different vulnerability related to JBIG2," Kristensen said in an e-mail today.
FoxIt Reader has an integrated update system, so current users should be able to get the latest update automatically, or via the Check For Updates Now link in the Help pull-down menu. The patch details are also available from FoxIt directly.