It's really important you update your Foxit PDF Reader, but unfortunately their website is down

Filed Under: Featured, Malware, Vulnerability

Foxit ReaderThere's something to be said for not going with the crowd, when it comes to securing your computer.

Just think about it - substantially more malware is written for Windows than there is for Mac or Linux.

Similarly, we see frequent attacks against the likes of Java, Adobe Flash and Adobe's Acrobat PDF reader because they are so widely used. The malicious attackers like it when the whole world is using the same software, as it increases their chances of a successful attack.

And for that reason, some people use alternative software - such as Foxit Software's PDF reader.

Foxit PDF reader

The thinking is that if online criminals exploit a security vulnerability in Adobe's PDF software, it may not be also present in the Foxit reader.

That doesn't mean, of course, that alternative software is immune from security vulnerabilities. As a case in point, a vulnerability was found in Foxit's browser plugin earlier this month.

No malware appeared in the wild that exploited the bug, but Naked Security's Paul Ducklin examined and explained the vulnerability in some detail. He wrote that "the [bug], which is a side-effect of a stack overflow, pretty much lets you write to a memory location of your choice. That's not good."

But there is good news now, namely that Foxit has responded to the vulnerability with an update.

You can either go to Help|Check for Updates in the Foxit reader software, or download the latest version (5.4.5) directly from Foxit's website.

When I tried, however, I couldn't reach Foxit's website to download the software:

Foxit Software's website is inaccessible

It's unclear quite what the problem is with Foxit Software's website, but hopefully they will be able to fix it soon for the benefit of their users. Of course, just because the website is down doesn't necessarily mean that updates requested from within the product are necessarily impacted.

(If you are having trouble getting the update, don't forget that Duck's article includes instructions for a simple mitigation you can use to tide you over.)

An advisory from Foxit is allegedly published here, but I can't get to it.

There's something to be said for not going with the crowd, when it comes to securing your computer.

But you best have your fingers crossed that your alternative providers' websites don't fall over when you need a security update.

Good luck to those of you who are Foxit users. Update as soon as you can.

Update at 2013-01-22T10:56+11. As mentioned in the comments, the Foxit site seems to be fine now. Go get that fix!

, , , ,

You might like

5 Responses to It's really important you update your Foxit PDF Reader, but unfortunately their website is down

  1. Don · 588 days ago

    I was able to update via Help | Update without any problem even though the website was down. According to their notes, the issue is with a vulnerability with the Firefox extension. Those not using Firefox are theoretically not impacted.

  2. Wayne · 588 days ago

    Agree, no problem updating from within programme

  3. James · 588 days ago

    The link is available for me

  4. davers · 587 days ago

    Website is working for me but I don't need it as it has been uninstalled - to much extra stuff to opt out of in latest versions.

  5. MikeP_UK · 587 days ago

    As of 11.48 GMT 22 January 2013 the site was available and downloads working.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.