CVE-2021-45979: 
Foxit PDF Reader vulnerability analysis and mitigation

Foxit PDF Reader and PDF Editor before version 11.1 on macOS contain a vulnerability that allows remote attackers to execute arbitrary code via app.launchURL in the JavaScript API (NVD). The vulnerability was discovered and disclosed in January 2022, affecting all versions of these applications prior to version 11.1 on the macOS platform.

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. It is classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command Injection) (NVD). The vulnerability specifically involves the app.launchURL functionality in the JavaScript API, which can be exploited to execute arbitrary code.

If successfully exploited, this vulnerability allows attackers to execute arbitrary code on the affected system with the privileges of the user running the application. This could lead to complete system compromise, including unauthorized access to sensitive data, system modifications, and potential further system exploitation (NVD).

The primary mitigation is to update Foxit PDF Reader and PDF Editor to version 11.1 or later. Foxit has released patches to address this vulnerability in version 11.1 (Foxit Security Bulletins). Users should ensure their software is updated to the latest version to protect against this vulnerability.