Cisco Talos researchers disclosed six new vulnerabilities, including a critical one in Foxit PDF Reader that allows arbitrary code execution. Three flaws were also found in Veertu’s Anka Build, threatening CI/CD environments used for macOS and iOS testing.
Foxit PDF Reader vulnerability
A critical vulnerability in Foxit PDF Reader, identified as a use-after-free flaw, allows attackers to execute arbitrary code on a targeted system.
Exploitation occurs when a user opens a specially crafted PDF file or visits a malicious website while the Foxit PDF Reader browser extension is enabled. This vulnerability could be used to gain unauthorized access, potentially leading to system compromise or further attacks. Users are advised to update to the latest version to mitigate this risk.
Attackers can exploit the vulnerability to corrupt memory and take control of affected devices by manipulating the PDF’s JavaScript content.
Two critical vulnerabilities, TALOS-2024-2068 (CVE-2024-36474) and TALOS-2024-2069 (CVE-2024-42415), were found in the G Structured File Library (libgsf) of the GNOME project, potentially leading to remote code execution. These flaws result from integer overflows during array index and sector allocation table processing.
Attackers can exploit these vulnerabilities by tricking users into opening malicious files, potentially gaining unauthorized system access.
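The libgsf bugs above are described as integer overflows in array-index and sector-allocation-table handling. The following is an added C example (not libgsf's code; the header layout, the 64 MiB cap, the end-of-chain marker and the sample table are all constructed for illustration) that puts the two classic mistakes beside their checked forms: a size computed from two 32-bit header fields that wraps before allocation, and a signed index compared against a count so that negative values pass.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Cap on a sector table we are willing to allocate (constructed limit; a real
   parser would derive it from the file size or a format-specific maximum). */
#define MAX_SAT_BYTES (64u * 1024u * 1024u)

/* Unchecked size computation: both operands are 32-bit values read from the
   file header, so the product wraps modulo 2^32 before anyone sees it. A
   header claiming 0x10000 sectors of 0x10000 bytes yields 0, and a later
   loop that writes num_sectors entries overruns the tiny buffer. */
static uint32_t sat_size_unchecked(uint32_t num_sectors, uint32_t sector_size) {
    return num_sectors * sector_size;          /* wraps silently */
}

/* Checked variant: reject zero operands, detect multiplication overflow with
   a division test before multiplying, and cap the result.
   Returns the byte count, or 0 when the header is rejected. */
static size_t sat_size_checked(uint32_t num_sectors, uint32_t sector_size) {
    if (num_sectors == 0 || sector_size == 0) return 0;
    if ((size_t)num_sectors > SIZE_MAX / (size_t)sector_size) return 0; /* would overflow */
    size_t bytes = (size_t)num_sectors * (size_t)sector_size;
    if (bytes > MAX_SAT_BYTES) return 0;       /* implausibly large for this format */
    return bytes;
}

/* Unchecked index test: with a signed index and signed count, -1 < count is
   true, so a negative index taken from the file passes and table[-1] is read. */
static bool index_ok_unchecked(int32_t count, int32_t idx) {
    return idx < count;
}

/* Checked index test: reject negatives explicitly, then compare as unsigned. */
static bool index_ok_checked(uint32_t count, int32_t idx) {
    return idx >= 0 && (uint32_t)idx < count;
}

/* Constructed sector allocation table: entry i holds the next sector in the
   chain; END_OF_CHAIN is a marker value chosen here, not libgsf's. */
#define END_OF_CHAIN 0xFFFFFFFEu
static const uint32_t sample_sat[4] = { 1, 2, 3, END_OF_CHAIN };

/* Follow one link in the chain using the checked test.
   Returns the next sector, or -1 when idx is out of range. */
static int64_t sat_next(int32_t idx) {
    uint32_t count = (uint32_t)(sizeof sample_sat / sizeof sample_sat[0]);
    if (!index_ok_checked(count, idx)) return -1;
    return (int64_t)sample_sat[idx];
}

int main(void) {
    printf("unchecked size 0x10000*0x10000 = %u\n",
           sat_size_unchecked(0x10000u, 0x10000u));
    printf("checked   size 0x10000*0x10000 = %zu (0 = rejected)\n",
           sat_size_checked(0x10000u, 0x10000u));
    printf("checked   size 4*512           = %zu\n", sat_size_checked(4, 512));
    printf("unchecked index -1 of 4 passes: %d\n", index_ok_unchecked(4, -1));
    printf("checked   index -1 of 4 passes: %d\n", index_ok_checked(4, -1));
    printf("next after sector 2: %lld, after sector 9: %lld\n",
           (long long)sat_next(2), (long long)sat_next(9));
    return 0;
}
```

The division test works on any width of `size_t`; on a 64-bit build the product of two 32-bit fields cannot wrap, which is why the plausibility cap is still needed, otherwise a hostile header can request a multi-gigabyte allocation that either fails or exhausts memory.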
Three critical flaws were also found in Veertu’s Anka Build software, including two directory traversal vulnerabilities (TALOS-2024-2059, TALOS-2024-2061) that allow unauthorized file access via crafted HTTP requests.
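A directory traversal flaw of the kind described above exists when a path taken from an HTTP request is joined to a server directory without being confined to it. As an added C example (not Anka Build's code; the base directory and the request paths are constructed, and the function assumes the caller has already URL-decoded the path and rejected embedded NUL bytes), this resolves a requested path lexically under a base directory and refuses anything that would climb out of it.

```c
#define _POSIX_C_SOURCE 200809L   /* for strtok_r */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_COMPONENTS 64
#define PATH_BUF 1024

/* Lexically resolve REQUESTED ('/'-separated, already URL-decoded) under BASE.
   Writes the joined path to OUT and returns true only when the result stays
   inside BASE; returns false on absolute paths, backslashes, ".." that would
   climb above BASE, or when a buffer would overflow. */
static bool resolve_under_base(const char *base, const char *requested,
                               char *out, size_t outlen) {
    const char *parts[MAX_COMPONENTS];
    size_t nparts = 0;
    char copy[PATH_BUF];

    if (requested == NULL || requested[0] == '/')
        return false;                       /* absolute paths are never served */
    if (strchr(requested, '\\') != NULL)
        return false;                       /* one separator convention only */
    if (strlen(requested) >= sizeof copy)
        return false;
    strcpy(copy, requested);

    char *save = NULL;
    for (char *tok = strtok_r(copy, "/", &save); tok != NULL;
         tok = strtok_r(NULL, "/", &save)) {
        if (strcmp(tok, ".") == 0) continue;    /* "." and "//" are no-ops */
        if (strcmp(tok, "..") == 0) {
            if (nparts == 0) return false;      /* would climb above BASE */
            nparts--;
            continue;
        }
        if (nparts == MAX_COMPONENTS) return false;
        parts[nparts++] = tok;
    }

    int n = snprintf(out, outlen, "%s", base);
    if (n < 0 || (size_t)n >= outlen) return false;
    for (size_t i = 0; i < nparts; i++) {
        int m = snprintf(out + n, outlen - (size_t)n, "/%s", parts[i]);
        if (m < 0 || (size_t)m >= outlen - (size_t)n) return false;
        n += m;
    }
    return true;
}

/* Helper for checking results: true when REQUESTED resolves under the
   constructed base to EXPECT, or is rejected when EXPECT is NULL. */
static bool check_example(const char *requested, const char *expect) {
    char buf[PATH_BUF];
    bool ok = resolve_under_base("/srv/anka/files", requested, buf, sizeof buf);
    if (expect == NULL) return !ok;
    return ok && strcmp(buf, expect) == 0;
}

int main(void) {
    /* Constructed request paths, as they might arrive after URL decoding. */
    const char *requests[] = {
        "docs/./readme.txt", "a/b/../c", "a//b",
        "files/../../etc/passwd", "../x", "/etc/passwd",
    };
    char buf[PATH_BUF];
    for (size_t i = 0; i < sizeof requests / sizeof requests[0]; i++) {
        bool ok = resolve_under_base("/srv/anka/files", requests[i], buf, sizeof buf);
        printf("%-26s -> %s\n", requests[i], ok ? buf : "REJECTED");
    }
    return 0;
}
```

The lexical check confines the string, not the filesystem: a symlink inside the base directory can still point elsewhere, so a server should additionally open the file with an API that refuses to follow links out of the tree, or compare the opened file's canonical path against the base after opening.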
A low-privileged user could exploit the TALOS-2024-2060 vulnerability in Anka Build to gain root access. Cisco Talos urges immediate action to address these critical security risks.