It’s really important you update your Foxit PDF Reader, but unfortunately their website is down

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Foxit ReaderThere’s something to be said for not going with the crowd, when it comes to securing your computer.

Just think about it – substantially more malware is written for Windows than there is for Mac or Linux.

Similarly, we see frequent attacks against the likes of Java, Adobe Flash and Adobe’s Acrobat PDF reader because they are so widely used. The malicious attackers like it when the whole world is using the same software, as it increases their chances of a successful attack.

And for that reason, some people use alternative software – such as Foxit Software’s PDF reader.

Sign up to our free newsletter.
Security news, advice, and tips.

Foxit PDF reader

The thinking is that if online criminals exploit a security vulnerability in Adobe’s PDF software, it may not be also present in the Foxit reader.

That doesn’t mean, of course, that alternative software is immune from security vulnerabilities. As a case in point, a vulnerability was found in Foxit’s browser plugin earlier this month.

No malware appeared in the wild that exploited the bug, but Naked Security’s Paul Ducklin examined and explained the vulnerability in some detail. He wrote that “the [bug], which is a side-effect of a stack overflow, pretty much lets you write to a memory location of your choice. That’s not good.”

But there is good news now, namely that Foxit has responded to the vulnerability with an update.

You can either go to Help|Check for Updates in the Foxit reader software, or download the latest version (5.4.5) directly from Foxit’s website.

When I tried, however, I couldn’t reach Foxit’s website to download the software:

Foxit Software's website is inaccessible

It’s unclear quite what the problem is with Foxit Software’s website, but hopefully they will be able to fix it soon for the benefit of their users. Of course, just because the website is down doesn’t necessarily mean that updates requested from within the product are necessarily impacted.

(If you are having trouble getting the update, don’t forget that Duck’s article includes instructions for a simple mitigation you can use to tide you over.)

An advisory from Foxit is allegedly published here, but I can’t get to it.

There’s something to be said for not going with the crowd, when it comes to securing your computer.

But you best have your fingers crossed that your alternative providers’ websites don’t fall over when you need a security update.

Good luck to those of you who are Foxit users. Update as soon as you can.

Update at 2013-01-22T10:56+11. As mentioned in the comments, the Foxit site seems to be fine now. Go get that fix!


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.