• 16 critical, high, and medium‑severity vulnerabilities found in Foxit and Apryse PDF platforms.
• Flaws include DOM XSS, SSRF, path traversal, and OS command injection.
• Attackers could exploit vulnerabilities via crafted PDFs, URLs, or messages.
• Exploits enable account takeover, data exfiltration, and arbitrary code execution.
• Novee’s AI‑powered research uncovered flaws in embedded PDF viewers.
• Single‑request attacks affected trusted domains within enterprise applications.
• Foxit and Apryse promptly patched vulnerabilities after responsible disclosure.
Article Summaries:
- Researchers at Novee identified 16 vulnerabilities across Foxit and Apryse PDF platforms, including critical, high‑ and medium‑severity flaws such as XSS, SSRF, path traversal, and OS command injection. The bugs could allow attackers to take over accounts, exfiltrate data, and persistently compromise embedded PDF viewers via crafted documents or URLs. Novee responsibly disclosed the findings; both vendors have released patches and updated documentation. Foxit and Apryse confirmed swift remediation and reiterated their commitment to responsible disclosure and ongoing security improvements. The incident highlights how components once deemed low risk can become significant attack surfaces.
Sources: