PT-2025-34758 · Apple+1 · Apple Macos+1
Karol Mazurek
·
Publicado
2025-08-26
·
Atualizado
2025-08-26
·
CVE-2025-8700
CVSS v4.0
4.8
Média
| Vetor | AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
Invoice Ninja versions prior to 5.0.175
Description:
Invoice Ninja on macOS is susceptible to a local privilege escalation issue. The presence of the “com.apple.security.get-task-allow” entitlement allows local attackers with unprivileged access to attach a debugger, read or modify process memory, and inject code into the application's context, even with Hardened Runtime and Transparency, Consent, and Control (TCC) enabled. Access is limited to previously granted user permissions, but the entitlement bypasses a system authorization dialog normally required for debugging tools.
Recommendations:
Update to version 5.0.175 or later.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Invoice Ninja
Apple Macos