Code Injection Vulnerability in Foxit Reader and PhantomPDF for macOS
CVE-2020-26540
7.5 HIGH
Summary
Foxit Reader and PhantomPDF for macOS prior to version 4.1 are code-signed without Hardened Runtime protection. Attackers can exploit this gap to inject code into the applications or to leak information. Users should update to the latest versions to mitigate these risks.
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved