Cybersecurity specialists report the detection of two severe vulnerabilities in Nitro Pro, one of the most popular programs for reading and editing PDF files. According to the report, the successful exploitation of these faults would allow the deployment of severe risk scenarios.
Below is a brief report of the detected flaws, in addition to their respective identification keys and scores assigned according to the Common Vulnerability Scoring System (CVSS).
The vulnerability received a CVSS score of 7.7/10 and its successful exploitation would allow full compromise of the target system, so it is considered a high severity error.
This flaw received a CVSS score of 7.7/10 and its successful exploitation would allow threat actors to gain full access to the target system.
According to the report, both bugs reside in the following versions of Nitro Pro: v220.127.116.115 and v18.104.22.1685.
While vulnerabilities can be exploited by unauthenticated threat actors through the use of PDF documents, cybersecurity experts have not detected active exploitation attempts or the existence of a malware variant associated with the attack. Security patches are now available, so users of affected deployments are encouraged to upgrade as soon as possible.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.