Researchers have disclosed six new security vulnerabilities across several software platforms. One critical vulnerability was found in Foxit PDF Reader, a popular alternative to Adobe Acrobat, and could allow attackers to execute arbitrary code on the target system.
The Foxit PDF Reader flaw is a critical use-after-free vulnerability that attackers could exploit to run malicious code on a targeted machine. It can be triggered when a user opens a specially crafted PDF file or visits a malicious website with the Foxit PDF Reader browser extension enabled. By manipulating the JavaScript content of the PDF, attackers can corrupt memory and take control of the affected device.
Furthermore, Veertu’s Anka Build software, designed for testing macOS or iOS applications in CI/CD environments, was found to have three vulnerabilities. Two of these vulnerabilities, TALOS-2024-2059 and TALOS-2024-2061, are directory traversal issues that could allow unauthorized access to files by sending malicious HTTP requests. The third vulnerability, TALOS-2024-2060, is a privilege escalation vulnerability that could enable a low-privileged user to gain root access through the software update mechanism.
In addition to these findings, two critical vulnerabilities were discovered within the G Structured File Library (libgsf) associated with the GNOME project. These vulnerabilities, TALOS-2024-2068 (CVE-2024-36474) and TALOS-2024-2069 (CVE-2024-42415), stem from integer overflows during array index manipulation and sector allocation table processing, respectively. Exploiting these vulnerabilities could lead to remote code execution if a user opens a maliciously crafted file, allowing unauthorized access to the system.
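The integer-overflow class named above, sketched as an added example that is not libgsf code and not taken from the advisories: a 32-bit size calculation for a sector allocation table wraps on attacker-chosen header values, while the checked version widens the arithmetic and validates the result against the file size. The struct, field names, accepted shift range and sample values are assumptions made up for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical header of a sector-based container file (constructed). */
struct hdr {
    uint32_t sector_shift;     /* sector size = 1 << sector_shift */
    uint32_t num_sat_sectors;  /* sectors that hold the allocation table */
};

/* Unchecked pattern: the 32-bit multiply wraps, so a huge sector count
 * yields a small byte count and an undersized buffer downstream. */
static uint32_t sat_bytes_unchecked(const struct hdr *h) {
    return h->num_sat_sectors * ((uint32_t)1 << h->sector_shift);
}

/* Checked pattern: bound the shift, compute in 64 bits, and reject any
 * table larger than the file it was read from. Returns 0 on success. */
static int sat_entries_checked(const struct hdr *h, size_t file_size,
                               size_t *entries) {
    if (h->sector_shift < 7 || h->sector_shift > 16)  /* assumed sane range */
        return -1;
    uint64_t sector_size = (uint64_t)1 << h->sector_shift;
    uint64_t bytes = (uint64_t)h->num_sat_sectors * sector_size; /* < 2^48 */
    if (bytes == 0 || bytes > (uint64_t)file_size)
        return -1;
    *entries = (size_t)(bytes / sizeof(uint32_t));
    return 0;
}

/* Every index read from the file is untrusted: check it before use. */
static int sat_next(const uint32_t *sat, size_t entries, uint32_t idx,
                    uint32_t *next) {
    if (idx >= entries)
        return -1;
    *next = sat[idx];
    return 0;
}

int main(void) {
    struct hdr crafted = { 9, 0x00800001u };  /* constructed sample input */
    size_t n = 0;
    printf("unchecked size: %u bytes\n", (unsigned)sat_bytes_unchecked(&crafted));
    printf("checked result: %d\n", sat_entries_checked(&crafted, 4096, &n));
    return 0;
}
```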
According to Cisco Talos, users of Anka Build software are currently exposed to significant security risks from these vulnerabilities. Immediate attention and action are required to secure affected systems and prevent unauthorized access.
It is crucial for users of these affected software platforms to stay vigilant and update their systems with the latest security patches and fixes to protect against potential cyber threats. By being proactive and implementing best practices for cybersecurity, users can reduce the risk of falling victim to malicious attacks and safeguard their sensitive information and data.