Code Injection Vulnerability in Foxit Reader and PhantomPDF for macOS
CVE-2020-26540

7.5HIGH

Key Information:

Vendor: Foxit
Status: Foxit Reader; PhantomPDF
Vendor: CVE Published:; 2 October 2020

Summary

A vulnerability in Foxit Reader and PhantomPDF for macOS prior to version 4.1 allows attackers to exploit the lack of Hardened Runtime protection for code signing. This oversight can result in code injection attacks or potential information leakage, posing a significant risk to users of these applications. It is essential for users to update to the latest versions to mitigate these risks.

References

https://www.foxitsoftware.com/support/security-bulletins....

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 2, 2020
Vulnerability Reserved
Oct 2, 2020