Code Injection Vulnerability in Foxit Reader and PhantomPDF for macOS
CVE-2020-26540

7.5 HIGH

Key Information:

Vendor: Foxit
CVE Published: 2 October 2020

Summary

Foxit Reader and PhantomPDF for macOS before version 4.1 are code-signed without the Hardened Runtime protection enabled. Attackers can exploit this gap to carry out code injection attacks or to cause information leakage, which poses a significant risk to users of these applications. Users should update to the latest versions to mitigate these risks.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.