Hackers are Selling Exploits for Foxit Read: Patch ASAP!

A threat actor has announced the sale of an exploit targeting a vulnerability in Foxit Reader, a widely used PDF viewer.

This vulnerability could potentially allow remote code execution, posing a significant risk to millions of users worldwide.

Foxit has responded by releasing updates to patch these vulnerabilities.

Users are urged to update their software immediately to protect against potential attacks.

The Vulnerability in Detail

Foxit Reader, known for its lightweight design and comprehensive feature set, has become a popular alternative to Adobe Reader. However, its widespread use also makes it a target for cybercriminals.


Free Webinar : Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities. :

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

AcuRisQ, that helps you to quantify risk accurately:

The vulnerability in question affects Foxit PDF Reader 12.0.2 and earlier versions on Windows, as well as Foxit PDF Editor (previously named Foxit PhantomPDF) versions and earlier, including all previous 12. x and 11. x versions, and and earlier.

On the macOS platform, affected software includes Foxit PDF Editor for Mac,,, and earlier, as well as Foxit PDF Reader for Mac and earlier versions.

The Threat Actor’s Announcement

An unidentified threat actor has put the exploit up for sale. It reportedly allows for remote code execution by exploiting a vulnerability in Foxit Reader.

According to the announcement, the exploit operates by running a malicious build when a specially crafted PDF file is opened and reloaded in the official Reader, potentially allowing attackers to take control of affected systems.

In response to the threat, Foxit has released updates for its PDF software on both Windows and macOS platforms.

The updates, Foxit PDF Editor for Mac 12.0.2 and Foxit PDF Reader for Mac 12.0.2, along with Foxit PDF Reader 12.1 and Foxit PDF Editor 12.1 for Windows, address the security and stability issues identified.

Affected Versions and Updates

ProductAffected VersionsPlatform
Foxit PDF Editor for Mac (previously PhantomPDF),, and earliermacOS
Foxit PDF Reader for Mac (previously Reader) and earliermacOS
Foxit PDF Reader12.0.2.12465 and earlierWindows
Foxit PDF Editor (previously PhantomPDF) and all previous 12.x versions, and all previous 11.x versions, and earlierWindows

Urgent Call to Action

Users of Foxit Reader and Foxit PDF Editor on both Windows and macOS platforms are strongly advised to update their software to the latest versions immediately.

Doing so will patch the vulnerabilities and protect against potential exploits.

Foxit has made the updates available on its official website, ensuring users can easily access and install the necessary software to secure their systems.

The announcement of an exploit sale targeting Foxit Reader underscores the importance of maintaining up-to-date software to protect against cybersecurity threats.

By promptly applying the latest patches from Foxit, users can safeguard their systems from potential remote code execution attacks.

As cyber threats evolve, staying informed and vigilant is more crucial than ever.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Divya is a Senior Journalist at Cyber Security news covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.