Vulnerabilities in Popular PDF Platforms Allowed Account Takeover, Data Exfiltration
Summary
Novee Research identified sixteen vulnerabilities in Foxit and Apryse PDF software. These vulnerabilities could be exploited via malicious PDF documents or URLs to achieve account takeover and data exfiltration. Patches are presumably available from the vendors.
IFF Assessment
FOE
Vulnerabilities allowing account takeover and data exfiltration are a significant threat to organizations.
Severity
9.0 Critical (AI Estimated)
Defender Context
Defenders should ensure that their organization's PDF software (Foxit and Apryse specifically) is updated to the latest versions to patch these vulnerabilities. Monitor network traffic for suspicious PDF downloads and execution, especially from untrusted sources. Exploit mitigations such as disabling JavaScript in PDF viewers can help reduce the attack surface.