CVE-2018-10470

Name of the Vulnerable Software and Affected Versions: Little Snitch versions 4.0 through 4.0.6

Description: The issue arises from the use of the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag, which results in the failure to validate all architectures stored in a fat binary. An attacker can craft a malicious fat binary containing multiple architectures, causing Little Snitch to incorrectly treat the running process as having no code signature while indicating that the binary on disk has a valid code signature. This could lead to confusion among users about the validity of the code signature.

Recommendations: For Little Snitch versions 4.0 through 4.0.6, consider updating to a version that includes the fix for this issue, as using the SecStaticCodeCheckValidityWithErrors() function with the kSecCSCheckAllArchitectures flag would resolve the problem. However, since the fixed version is not specified, at the moment, there is no information about a newer version that contains a fix for this vulnerability.