An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened Runtime protection mechanism is not applied to code signing, code injection (or an information leak) can occur.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26540
Reference (s):
- https://www.foxitsoftware.com/support/security-bulletins.html