
====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN063
_____________________________________________________________________

DATE                : 02/02/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S):  Systems running Foxit PhantomPDF Mac versions
    prior to 4.1.3 or Foxit Reader Mac versions prior to 4.1.3.

=====================================================================
https://www.foxitsoftware.com/support/security-bulletins.html
_____________________________________________________________________

Security updates available in Foxit PhantomPDF Mac 4.1.3 and Foxit
Reader Mac 4.1.3


Release date: February 2, 2021

Platform: macOS


Summary

Foxit has released Foxit PhantomPDF Mac 4.1.3 and Foxit Reader Mac
4.1.3, which address potential security and stability issues.


Affected versions

Product                      Affected versions            Platform

Foxit PhantomPDF Mac        4.1.1.1123 and earlier         macOS

Foxit Reader Mac            4.1.1.1123 and earlier         macOS


Solution

Update your applications to the latest versions by following one of the
methods below.

    From the “Help” tab of Foxit PhantomPDF Mac or Foxit Reader Mac,
    click on “Check for Updates” and update to the latest version.

    Download the updated version of Foxit Reader Mac from our website.

    Download the updated version of Foxit PhantomPDF Mac from our
    website.


Vulnerability details

Brief:

    Addressed a potential issue where the application could be exposed
    to an Evil Annotation Attack and deliver incorrect validation
    results when validating certain certified PDF files whose visible
    content was significantly altered. This occurs because the
    application fails to identify the objects in the incremental update
    when the Subtype entry of the Annotation dictionary is set to null.

Acknowledgement:

    Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Jörg Schwenk
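
A defender-side check for the condition described above, added here as an example (not code from Foxit or CERT-Renater): it lists annotation-like objects in the incremental updates of a PDF whose Subtype is null, and also those with no Subtype at all, which goes beyond the case named in the bulletin. It assumes that everything after the first %%EOF is an incremental update and that objects are stored uncompressed (object streams are not parsed); the function names and the sample bytes are constructed for illustration.

```python
import re

# Uncompressed indirect object: "<num> <gen> obj ... endobj" (heuristic, not a full parser).
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
SUBTYPE_NAME_RE = re.compile(rb"/Subtype\s*/[A-Za-z]")   # /Subtype followed by a name
SUBTYPE_NULL_RE = re.compile(rb"/Subtype\s+null\b")      # /Subtype set to the null object
# Keys that mark a dictionary as an annotation even without a usable Subtype.
ANNOT_HINT_RE = re.compile(rb"/Type\s*/Annot\b|/Rect\s*\[")


def incremental_updates(pdf: bytes) -> bytes:
    """Bytes after the first %%EOF (assumed here to end the certified revision)."""
    end = pdf.find(b"%%EOF")
    return b"" if end < 0 else pdf[end + len(b"%%EOF"):]


def suspicious_annotations(pdf: bytes) -> list:
    """Return (object number, reason) for annotation-like objects added in an
    incremental update whose /Subtype is null or absent."""
    findings = []
    for m in OBJ_RE.finditer(incremental_updates(pdf)):
        body = m.group(3)
        if not ANNOT_HINT_RE.search(body):
            continue  # not an annotation-like dictionary
        if SUBTYPE_NULL_RE.search(body):
            findings.append((int(m.group(1)), "Subtype is null"))
        elif not SUBTYPE_NAME_RE.search(body):
            findings.append((int(m.group(1)), "Subtype missing"))
    return findings


# Constructed sample: PDF-like bytes, not a valid or signed document.
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"4 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
    # Everything below is treated as an incremental update.
    b"7 0 obj\n<< /Type /Annot /Subtype null /Rect [0 0 10 10] >>\nendobj\n"
    b"8 0 obj\n<< /Type /Annot /Subtype /Text /Rect [5 5 20 20] >>\nendobj\n"
    b"9 0 obj\n<< /Rect [0 0 10 10] /Contents (x) >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    for num, reason in suspicious_annotations(SAMPLE):
        print(f"object {num}: {reason}")
```

A hit is a reason to open the file in an updated viewer and review it by hand; an empty result does not show the file is unmodified.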



For more information, please contact the Foxit Security Response Team at
[email protected].


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


