PT-2019-13079 · Objective Development · Little Snitch

Publicado

2019-08-23

Atualizado

2021-09-08

CVE-2019-13013

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Little Snitch versions 4.3.0 through 4.3.2

Description The issue concerns a local privilege escalation in the privileged helper tool of Little Snitch. This tool implements an XPC interface that is accessible to any process, allowing for directory listings and copying files as root.

Recommendations For versions 4.3.0 through 4.3.2, consider disabling the XPC interface in the privileged helper tool until a patch is available to prevent potential exploitation.

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862CWE-264

Identificadores relacionados

CVE-2019-13013

Produtos afetados

Little Snitch

PT-2019-13079 · Objective Development · Little Snitch

CVE-2019-13013

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3