A new vulnerability was discovered by our pen test team member Antonio Zekić. Simple but cool, and further proof that old-school stuff is still around. The vulnerability allows unauthorized directory listing as well as reading of arbitrary files, as long as the Foxit MobilePDF server can read the file on the affected iOS device.
VULNERABILITY TITLE: Directory Traversal in Foxit MobilePDF
PRODUCT: Foxit MobilePDF for iOS
VULNERABILITY TYPE: Directory Traversal
VULNERABLE VERSION: 6.0.0 and earlier
FIXED VERSION: 6.1
CVE NUMBER: CVE-2017-16814
PRODUCT URL: https://itunes.apple.com/us/app/foxit-pdf-pdf-reader-editor/id507040546?mt=8
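
The advisory does not show the affected server code, so the following is an added illustration in Python, not Foxit's implementation: it contrasts the join-without-check pattern behind this bug class with a containment check that covers both operations named above (directory listing and file read). All function names, the `Documents` folder and the sample files are constructed for the example.

```python
import os
import tempfile
from urllib.parse import unquote

def naive_resolve(doc_root, request_path):
    """Vulnerable pattern: joins the request path to the root with no containment check."""
    return os.path.normpath(os.path.join(doc_root, unquote(request_path).lstrip("/")))

def safe_resolve(doc_root, request_path):
    """Return the canonical path for request_path, or None if it leaves doc_root."""
    root = os.path.realpath(doc_root)
    decoded = unquote(request_path)  # decode first so %2e%2e is checked as ".."
    if "\x00" in decoded:
        return None
    # realpath collapses ".." and follows symlinks before the comparison
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    # commonpath compares whole components, so /root-other does not pass for /root
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate

def serve(doc_root, request_path):
    """Handle directory listing and file read through the same containment check."""
    target = safe_resolve(doc_root, request_path)
    if target is None:
        return 403, b""
    if os.path.isdir(target):
        return 200, "\n".join(sorted(os.listdir(target))).encode()
    if os.path.isfile(target):
        with open(target, "rb") as fh:
            return 200, fh.read()
    return 404, b""

def demo():
    """Constructed layout: a shared folder next to a file that must stay private."""
    base = os.path.realpath(tempfile.mkdtemp())
    shared = os.path.join(base, "Documents")
    os.mkdir(shared)
    with open(os.path.join(shared, "report.pdf"), "wb") as fh:
        fh.write(b"%PDF-sample")
    with open(os.path.join(base, "private.db"), "wb") as fh:
        fh.write(b"secret")
    requests = ["/report.pdf", "/", "/../private.db", "/%2e%2e/private.db", "/.."]
    return base, shared, {r: serve(shared, r)[0] for r in requests}
```

The check runs on the canonical path after decoding, so encoded separators and symlinks inside the shared folder are evaluated by where they actually point rather than by how the request spells them.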