The fixes arrive in the July 8, 2026 security release and cover multiple Windows and macOS versions, with several flaws rated Important and capable of arbitrary code execution.
Many of the flaws can be triggered by specially crafted PDF files, including those containing embedded JavaScript, abnormal annotations, malformed page trees, corrupted signature fields, or deceptive XDP content.
Foxit also patched a local privilege escalation issue in the update mechanism, in which the service could load
malicious DLLs or executables with elevated privileges during update checks.
Foxit has patched 20 remote code execution vulnerabilities in PDF Reader and PDF Editor, urging users to update immediately.
cybersecuritynews.com