Old Alerts

2009 Riskiest country domains - McAfee

FYI...

2009 Riskiest country domains - McAfee
- http://www.theregister.co.uk/2009/12/02/mal_hosting_survey/
2 December 2009 - "... McAfee analysed 27 million websites and 104 top-level domains using its SiteAdvisor and TrustedSource technology in compiling its report*. SiteAdvisor tests websites for browser exploits, phishing, excessive pop-ups and malicious downloads, while TrustedSource offers a reputation system that tracks web traffic patterns, site behaviour, hosted content and more, to gauge site security risks. The security firm reckons 5.8 per cent (or more than 1.5 million web sites) pose a security risk of one kind or another. The top five riskiest country domains online for 2009, according to McAfee:
1. Cameroon (.cm)
2. PR of China (.cn)
3. Samoa (.ws)
4. Phillipines (.ph)
5. Former Soviet Union (.su) "

* http://newsroom.mcafee.com/article_display.cfm?article_id=3600
December 02, 2009

:fear:
 
PDF – Pretty Darned Fatal

FYI...

PDF – Pretty Darned Fatal
- http://www.eset.com/threat-center/blog/2009/12/18/pdf-–-pretty-darned-fatal
December 18, 2009 - "Adobe PDF files were supposed to be a safe alternative to Microsoft Word documents in a time when Microsoft offered no effective protection against macro viruses and had virtually no security model in Office at all. Times change. Microsoft Word documents rarely spread macro viruses and have not for a long time if you are using versions of Word newer than Office XP.
In a dazzling display of arrogant refusal to learn from history, Adobe has configured their products for inferior security by deliberately choosing not to learn security lessons that Microsoft learned years ago.
Security flaws in Adobe reader and Adobe Acrobat are a major problem, but in most cases the technology that allows the exploits to work is JavaScript. Adobe Reader and Acrobat support JavaScript and insanely leave it enabled by default. In practice most PDFs do not require JavaScript and many that do are quite usable without it anyway. If you want to do something simple to help protect yourself against drive-by malware infections – the kind where you simply go to a webpage and get infected, then disable JavaScript in Acrobat and Reader. In Adobe Reader version 9, you go to the edit menu, select preferences, then JavaScript, and then -uncheck- the box that says “Enable Acrobat JavaScript”.
This is how Adobe would set the defaults if they listened to their security experts instead of the marketing department..."

- http://voices.washingtonpost.com/securityfix/2009/12/hackers_exploit_adobe_reader_f.html
December 18, 2009

0-Day Malware Drops Payloads Signed with a Forged Microsoft Certificate
- http://blog.webroot.com/2009/12/15/...s-signed-with-a-forged-microsoft-certificate/
December 15, 2009

:fear::mad:
 
Last edited:
Sendmail vuln - update available

FYI...

Sendmail vuln - update available
- http://secunia.com/advisories/37998/2/
Release Date: 2009-12-31
Critical: Moderately critical
Impact: Spoofing
Where: From remote
Solution Status: Vendor Patch
Software: Sendmail 8.x...
Solution: Update to version 8.14.4...
Original Advisory: http://www.sendmail.org/releases/8.14.4

Release notes:
- http://www.sendmail.org/releases/8.14.4#RS

- http://securitytracker.com/alerts/2009/Dec/1023393.html

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4565
Last revised: 01/05/2010
CVSS v2 Base Score: 7.5 (HIGH)

:fear:
 
Last edited:
Malicious PDF docs exploiting CVE-2009-4324

FYI...

Malicious PDF docs exploiting CVE-2009-4324
- http://isc.sans.org/diary.html?storyid=7867
Last Updated: 2010-01-04 06:29:59 UTC - "... Quick analysis of the document confirmed that it is exploiting this vulnerability (CVE-2009-4324 – the doc.media.newPlayer vulnerability). This can be easily seen in the included JavaScript in the PDF document, despite horrible detection (only 6 out of 40 AV vendors detected this when I initially submitted it here*). After extracting the included JavaScript code, the shellcode that it uses looked quite a bit different than what we can usually see in such exploits: this shellcode was only 38 bytes long!... Since this exploit has not been patched yet, I would like to urge you all to, at least, disable JavaScript in your Adobe Reader applications. We are getting more reports about PDF documents exploiting this vulnerability, and it certainly appears that the attackers are willing to customize them to get as many victims to open them as possible. Also keep in mind that such malicious PDF documents can go to a great length when used in targeted attacks – the fake PDF that gets opened can easily fool any user into thinking it was just a mistakenly sent document..."
* http://www.virustotal.com/analisis/...cfdc4f07a50718743f8e67e89bab386eab-1262223143
File Requset.pdf received on 2009.12.31 01:32:23 (UTC)
Result: 6/40 (15.00%)

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4324

More on malicious PDF's
- http://isc.sans.org/diary.html?storyid=7903
Last Updated: 2010-01-07 01:01:21 UTC- "While we are still waiting for the patch and the malicious PDFs which exploit CVE-2009-4324 become more and more nasty, here's another quick excursion in dissecting and analyzing hostile PDF files... we find a recent ThreatExpert analysis http://www.threatexpert.com/report.aspx?md5=b0eeca383a7477ee689ec807b775ebbb that matches perfectly to what we found within this PDF..."
___

Adobe Reader v9.3 released
- http://forums.spybot.info/showpost.php?p=355307&postcount=134
January 12, 2010

:fear:
 
Last edited:
USB flash drive vuln...

FYI...

USB flash drive vuln...
- http://isc.sans.org/diary.html?storyid=7894
Last Updated: 2010-01-11 15:34:41 UTC - "... security flaw recently exposed on USB flash drive. The issue of the attack is with a software bug in the password verification mechanism. This affects Kingston, SanDisk and Verbatim...
SanDisk Update Information: http://www.sandisk.com/business-sol...nical-support/security-bulletin-december-2009
Verbatim Update Information: http://www.verbatim.com/security/security-update.cfm
Kingston Recall Information: http://www.kingston.com/driveupdate/
UPDATE: An ISC reader has contacted Kingston support and confirmed they will be releasing a firmware patch to fix the issue. They have described it as a randomization error and it will affect some of the drives..."

Kingston
- http://secunia.com/advisories/38136/2/
SanDisk
- http://secunia.com/advisories/37927/2/
Verbatim
- http://secunia.com/advisories/38137/2/

Kingston
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0221
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0222
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0223
Sandisk
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0224
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0225
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0226
Verbatim
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0227
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0228
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0229

:fear:
 
Last edited:
Firefox-based attack wreaks havoc...

FYI...

Firefox-based attack wreaks havoc on IRC users
- http://www.theregister.co.uk/2010/01/30/firefox_interprotocol_attack/
30 January 2010 01:41 GMT - "Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat. Using a piece of javascript embedded into a web link, the hackers force users of the open-source browser to join IRC networks and flood channels with diatribes that include the same internet address. As IRC users with Firefox follow the link, their browsers are also forced to spam the channels, giving the attack a viral quality that has has caused major disruptions for almost a month... The malicious javascript exploits a feature that allows Firefox to send data over a variety of ports that aren't related to web browsing. By relaying the scripts over port 6667, users who click on the link automatically connect to the IRC server and begin spewing a tirade of offensive text and links. The attack doesn't work with Internet Explorer or Apple Safari, but "might" work with other browsers... IRC networks such as Efnet and OFTC have managed to block the attacks, but at time of writing Freenode operators were still struggling to repel them..."

:fear::mad:
 
Mozilla add-ons - 2 infected at AMO...

FYI...

- http://blog.mozilla.com/addons/2010/02/09/update-on-the-amo-security-issue/
February 9, 2010 - "... the suspected trojan in Version 4.0 of Sothink Video Downloader was a false positive and the extension does not include malware. The same investigation also confirmed that the Master Filer extension included a valid instance of a trojan. Our estimate of 6,000 affected downloads has been revised to under 700. The Sothink Video Downloader has been re-enabled on AMO. We apologize to our users and the developers of Sothink for any inconvenience this has caused..."

Mozilla add-ons - 2 infected...
- http://blog.mozilla.com/addons/2010/02/04/please-read-security-issue-on-amo/
February 4, 2010 - "Two experimental add-ons, Version 4.0 of Sothink Web Video Downloader and all versions of Master Filer were found to contain Trojan code aimed at Windows users. Version 4.0 of Sothink Web Video Downloader contained Win32.LdPinch.gen, and Master Filer contained Win32.Bifrose.32.Bifrose Trojan. Both add-ons have been disabled on AMO.
Impact to users:
If a user installs one of these infected add-ons, the trojan would be executed when Firefox starts and the host computer would be infected by the trojan. Uninstalling these add-ons does -not- remove the trojan from a user’s system. Users with either of these add-ons should uninstall them immediately. Since uninstalling these extensions does not remove the trojan from a user’s system, an antivirus program should be used to scan and remove any infections...
Versions of Sothink Web Video Downloader greater than 4.0 are not infected. Master Filer was downloaded approximately 600 times between September 2009 and January 2010. Version 4.0 of Sothink Web Video Downloader was downloaded approximately 4,000 times between February 2008 and May 2008. Master Filer was removed from AMO on January 25, 2010 and Version 4.0 of Sothink Web Video Downloader was removed from AMO on February 2, 2010. AMO performs a malware check on all add-ons uploaded to the site, and blocks add-ons that are detected as such. This scanning tool failed to detect the Trojan in Master Filer. Two additional malware detection tools have been added to the validation chain and all add-ons were rescanned, which revealed the additional Trojan in Version 4.0 of Sothink Web Video Downloader. No other instances of malware have been discovered..."

:sad::mad::fear:
 
Last edited:
WordPress iframe injection...

FYI...

WordPress iframe injection?
- http://isc.sans.org/diary.html?storyid=8164
Last Updated: 2010-02-05 23:57:23 UTC - "... some strange entries he found in his Apache logs (see below) and some rumblings of a number of WordPress blogs being compromised. He was in contact with one of the affected bloggers and they figured out that the compromise resulted in the injection of some obfuscated javascript that created a hidden iframe. We haven't heard exactly what the vulnerability was that was exploited, but if the log entries are actually related there may be a permission problem or perhaps some sort of SQL injection issue with joomla or the tinymce editor (at least, that is what the log entries showed that someone is looking for)... The particular log entry that caught Neal's attention was:
GET /joomla/plugins/editors/tinymce/jscripts/tiny_mce/license.txt
So you may want to be on the lookout for those in your own logs."

:fear::fear:
 
2010 State of Enterprise Security

FYI...

2010 State of Enterprise Security
- http://www.symantec.com/about/news/release/article.jsp?prid=20100221_01
February 22, 2010 – Symantec... today released the findings of its global 2010 State of Enterprise Security study... 75 percent of organizations experienced cyber attacks in the past 12 months. These attacks cost enterprise businesses an average of $2 million per year. Finally, organizations reported that enterprise security is becoming more difficult due to understaffing, new IT initiatives that intensify security issues and IT compliance issues. The study is based on surveys of 2,100 enterprise CIOs, CISOs and IT managers from 27 countries in January 2010...
Study Highlights:
• Forty-two percent of enterprises rank cyber risk as their top concern, more than natural disasters, terrorism, and traditional crime combined...
• Enterprises are experiencing frequent attacks. In the past 12 months, 75 percent of enterprises experienced cyber attacks, and 36 percent rated the attacks somewhat/highly effective. Worse, 29 percent of enterprises reported attacks have increased in the last 12 months.
• Every enterprise (100 percent) experienced cyber losses in 2009. The top three reported losses were theft of intellectual property, theft of customer credit card information or other financial information, and theft of customer personally identifiable information. These losses translated to monetary costs 92 percent of the time. The top three costs were productivity, revenue, and loss of customer trust...
• Enterprise security is becoming more difficult due to a number of factors..."

(More detail and recommendations at the URL above.)

:fear:
 
Last edited:
Adobe Reader exploit/vuln active in the Wild - CVE-2010-0188

FYI...

Adobe Reader exploit/vuln active in the Wild - CVE-2010-0188
- http://blogs.technet.com/mmpc/archi...bility-is-actively-exploited-in-the-wild.aspx
March 08, 2010 - "While recently analyzing a malicious PDF file, I noticed a vulnerability exploited by the sample which I've never encountered before. After a bit of research I came to the conclusion that this specific sample exploited CVE-2010-0188*. This is a fresh vulnerability, information about which was just published this February. It is described as possibly leading to arbitrary code execution, which is exactly what’s happening. When the PDF file is loaded, Adobe Reader opens and then closes, while an executable file named a.exe is dropped directly onto the C:\ drive. The dropped executable, which is actually embedded into the PDF file, tries to connect to a .biz registered domain to download other files. JavaScript is again used to successfully exploit this vulnerability, so disabling it for unknown documents might be a good idea..."
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0188
CVSS v2 Base Score: 9.3 (HIGH) - "... Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1**..."
** http://www.adobe.com/support/security/bulletins/apsb10-07.html

- http://techblog.avira.com/2010/03/09/pdf-exploit-for-recently-closed-security-hole/en/
March 9, 2010

- http://www.f-secure.com/weblog/archives/targeted_attacks_2008_2009_2010.png
March 9, 2010

> http://forums.spybot.info/showpost.php?p=360063&postcount=44

:mad::mad:
 
Last edited:
Mariposa malware... Vodafone Android Phone

FYI...

Vodafone Android Phone: Complete with Mariposa Malware
- http://isc.sans.org/diary.html?storyid=8389
Last Updated: 2010-03-09 14:20:25 UTC - "Panda Security has a post up on one of their employees buying a brand -new- Android phone from Vodafone and discovering it was spreading Mariposa*. It didn't infect the phone proper, but it did have autoexec.inf and autoexec.bat files designed to infect whatever Windows machine the phone was plugged into via USB cable. Unlike the Engergizer story from yesterday, this one is happening now. Standard USB defenses apply, don't automatically execute autoexec.bat/inf files from USB devices. This Microsoft KB article** discusses how to disable the "Autoplay" functionality that leads to this problem..."
* http://research.pandasecurity.com/vodafone-distributes-mariposa/
March 8, 2010

** http://support.microsoft.com/kb/967715

- http://www.internetnews.com/securit...posa+Bot+Shipped+With+Vodafone+Smartphone.htm
March 10, 2010 - "... Confiker, Mariposa -and- Lineage password stealing malware samples installed on a recently purchased Vodafone HTC Magic smartphone..."

- http://news.cnet.com/8301-27080_3-20000676-245.html
March 17, 2010 - "... an employee at -another- Spanish security company, S21Sec, checked his recently-acquired HTC Magic and found the Mariposa malware lurking on it, according to a PandaLabs blog post* on Wednesday..."
* http://research.pandasecurity.com/vodafone-distributes-mariposa-part-2/
___

- http://www.pcworld.com/businesscent...ed_memory_cards_of_3000_vodafone_mobiles.html
March 19, 2010 - "Malware-tainted memory cards may have ended up on as many as 3,000 HTC Magic phones, a greater number than first suspected, Vodafone said Friday..."
- http://www.theregister.co.uk/2010/03/19/voda_spain_mariposa_latest/
19 March 2010 - "... suggesting 3,000 users were exposed to the malware make it one of the biggest incidents of an IT supplier shipping pre-pwned mobile kit."

:mad::blink:
 
Last edited:
Apple QuickTime v7.6.6 released

FYI...

Apple QuickTime v7.6.6 released
- http://secunia.com/advisories/39133/
Last Update: 2010-04-05
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Solution: Update to version 7.6.6.
Original Advisory: Apple:
http://support.apple.com/kb/HT4104
CVE Reference(s): CVE-2009-2837, CVE-2010-0059, CVE-2010-0060, CVE-2010-0062, CVE-2010-0514, CVE-2010-0515, CVE-2010-0516, CVE-2010-0517, CVE-2010-0518, CVE-2010-0519, CVE-2010-0520, CVE-2010-0526, CVE-2010-0527, CVE-2010-0528, CVE-2010-0529, CVE-2010-0536.

- http://www.apple.com/quicktime/download/

- http://isc.sans.org/diary.html?storyid=8566
Last Updated: 2010-04-02 12:30:26 UTC

:fear:
 
Last edited:
Foxit Reader v3.2.1.0401 released

FYI...

Foxit Reader v3.2.1.0401 released
- http://www.foxitsoftware.com/downloads/index.php
04/01/10

Fixed in Foxit Reader 3.2.1.0401
- http://www.foxitsoftware.com/pdf/reader/bugfix.htm
1. Fixed a security issue that Foxit Reader runs an executable embedded program inside a PDF automatically without asking for user’s permission.

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1239
Last revised: 04/06/2010
CVSS v2 Base Score: 9.3 (HIGH)

From an admin. account, update is available through the "Check for Updates" function:
> Help > Check for Updates now > FoxIt Reader 3.2.1.0401 Upgrade

RE: http://isc.sans.org/diary.html?storyid=8545
Last Updated: 2010-03-31 19:04:25 UTC
...and: http://www.f-secure.com/weblog/archives/00001923.html
March 31, 2010

- http://www.kb.cert.org/vuls/id/570177
2010-04-02 - "... issue is addressed in Foxit Reader 3.2.1.0401..."

- http://secunia.com/advisories/39291/
Release Date: 2010-04-05
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Foxit Reader 3.x
Solution: Update to version 3.2.1.0401.

- http://www.h-online.com/security/ne...t-closes-executable-security-hole-970102.html
5 April 2010

:fear:
 
Last edited:
PDF security hole 'Proof of concept' released

FYI...

PDF security hole 'Proof of concept' released...
- http://www.theregister.co.uk/2010/04/06/wormable_pdfs/
6 April 2010 - "... "wormable PDF" research comes days after another security researcher, Didier Stevens, showed how it was possible to both embed malicious executables in PDFs and manipulate pop-up dialog boxes to trick victims into running a malicious payload. Both Adobe and FoxIT* are working on a fix against the security shortcomings in their respective PDF viewing packages illustrated by the research..."
* http://forums.spybot.info/showpost.php?p=366164&postcount=63

- http://blogs.adobe.com/adobereader/2010/04/didier_stevens_launch_function.html
April 6, 2010 - "... users can use the following method to further mitigate against this risk. For consumers, open up the Preferences panel and click on "Trust Manager" in the left pane. Clear the check box 'Allow opening of non-PDF file attachments with external applications'..."

- http://sunbeltblog.blogspot.com/2010/04/poc-is-out-worm-that-spreads-via-pdfs.html
April 06, 2010

Also:
- http://isc.sans.org/diary.html?storyid=8545
Last Updated: 2010-03-31 19:04:25 UTC
- http://www.f-secure.com/weblog/archives/00001923.html
March 31, 2010

- http://www.eset.com/blog/2010/04/06/pdfs-exploitable-im-shocked
"... Patches are due out April 13th for the Adobe Acrobat Reader..."

:fear:
 
Last edited:
PDF used to Install Zeus

FYI...

PDF ...used to Install Zeus
- http://www.m86security.com/labs/i/PDF-Launch-Feature-Used-to-Install-Zeus,trace.1301~.asp
Apr, 14, 2010 - "Today we began seeing emails... claiming to be from Royal Mail with an attached PDF file... This PDF uses a feature, specified in the PDF format, known as a Launch action. A Launch action is intended to be used to run an application or opening or printing a document. Recently it has been discovered by a security researcher that this feature can be used to run an executable embedded within the PDF file. This PDF also contains an attachment (PDFs can have an attachment embedded within them, just like emails) named Royal_Mail_Delivery_Notice.pdf which has been compressed inside the PDF file. This attachment is actually an executable file and if run, will install the Zeus bot... When this PDF is opened In Adobe Reader with JavaScript enabled, the exportDataOject function causes a dialog box to be displayed asking the user to “Specify a file to extract to”. The default file is the name of the attachment, Royal_Mail_Delivery_Notice.pdf. This could be somewhat confusing to users, and not really knowing what is happening, they may just click save (It appears as if they are just saving a PDF file after all). Users of Foxit PDF reader will get no warning and the attachment will be saved to the users Documents folder... Once the exportDataOject function has completed, the Launch action is run. The Launch action is used to execute the Windows command interpreter (cmd.exe) and is given a command line to execute... This command line searches for the previously saved Royal_Mail_Delivery_Notice.pdf file in some commonly used folders such as My Documents and Desktop and then tries to run the file. (Remember that this is actually the executable file). Adobe Reader will pop up the box shown below and the command will only be run it the user clicks ‘Open’. The latest version of Foxit reader (released April 1st - v3.2.1.0401**) will display a similar warning, older versions will go ahead and execute the command without asking... If this command if successfully run, the Zeus data stealing bot is installed..."

(Screenshots available at the URL above.)

- http://www.m86security.com/newsImages/TRACE/adobeLaunch.PNG
DO NOT OPEN (Image shown)

Zbot campaign comes in a PDF
- http://securitylabs.websense.com/content/Alerts/3593.aspx
04.14.2010

* http://www.virustotal.com/analisis/...4252f5d14334bcff73a8fc951de1501d09-1271254281
File sdra64.exe received on 2010.04.14 14:11:21 (UTC)
Result: 8/40 (20%)

Adobe v9.3.2 Reader update
- http://forums.spybot.info/showpost.php?p=367597&postcount=47
April 13, 2010

Foxit v3.2.1.0401 Reader update
** http://forums.spybot.info/showpost.php?p=366164&postcount=63

:mad::mad:
 
Last edited:
OWASP Top 10 Security Risks - 2010

FYI...

OWASP Top 10 Security Risks for 2010
- http://www.owasp.org/index.php/Top_10
April 19, 2010 - "... The OWASP Top 10 Web Application Security Risks for 2010 are:
• A1: Injection
• A2: Cross-Site Scripting (XSS)
• A3: Broken Authentication and Session Management
• A4: Insecure Direct Object References
• A5: Cross-Site Request Forgery (CSRF)
• A6: Security Misconfiguration
• A7: Insecure Cryptographic Storage
• A8: Failure to Restrict URL Access
• A9: Insufficient Transport Layer Protection
• A10: Unvalidated Redirects and Forwards
... The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list..."

(More detail at the URL above.)

:fear:
 
FoxIt Reader v3.3.0.0430 released

FYI...

FoxIt Reader v3.3.0.0430 released
- http://www.foxitsoftware.com/downloads/index.php
05/04/10

What’s New in Foxit Reader 3.3
- http://www.foxitsoftware.com/downloads/reader/reader3.3.html
New features:
* Secure Trust Manager - The new Secure Trust Manager enables users to allow or deny unauthorized actions and data transmission, including URL connection, attachments PDF actions, and JavaScript functions; efficiently avoiding the attack from malicious contents and viruses.
* Improved Ask Search Button Setting - Enables users to show or hide the Ask Search Button in the Preferences menu.
* Many Bug Fixes - Fixes some bugs from previous versions including an issue where Ask Toolbar may be installed by default.
- http://forums.foxitsoftware.com/showthread.php?t=18365
May 4, 2010 - "... The new Trust Manager allows users to select a safe mode operation, once selected; no external commands will be executed by the Foxit Reader. The Trust Manager feature is easy-to-use and can be selected or deselected within the reader at the discretion of the reader.
A second feature within the new reader is an improved Foxit toolbar installation menu. In version 3.2, a number of Reader users reported that the Foxit toolbar was being installed without being notified. Foxit acknowledges this error and has resolved the issue in this new release..."

- http://www.foxitsoftware.com/pdf/reader/bugfix.htm
Fixed in Foxit Reader 3.3: Fixes some bugs from previous versions including an issue where Ask Toolbar may be installed by default.

Update available through the "Check for Updates" function:
From an admin. account > Help > Check for Updates now > FoxIt Reader 3.3.0.0430 Upgrade

- http://www.zdnet.com/blog/security/foxit-reader-intros-new-safe-reading-feature/6376
May 7, 2010
- http://i.zdnet.com/blogs/foxit_reader_safe_reading_malicious_pdf_in_action.png

:fear:
 
Last edited:
You must log in or register to reply here.
Back
Top