Reacting to a demonstration that showed how attackers could force-feed malware to users without exploiting an actual vulnerability, Foxit Software patched its PDF viewer last week.

But the Belgium-based researcher who showed how hackers could run executable code on a Windows PC from a malformed PDF said today that Foxit's fix didn't protect users from his attack tactics.

The April 1 update to Foxit Reader, a popular alternative to Adobe System Inc.'s Reader, adds a warning that pops up when a PDF tries to launch an executable, a function that's permitted by the PDF specification. The change makes Foxit Reader behave similarly to Adobe Reader, which already sports such a warning.

More: http://www.computerworld.com/s/article/9174872/