PT-2025-47233 · Canva · Canva For Mac
P1Tsi
Published: 2025-11-18
Updated: 2025-11-18
CVE-2025-12792
CVSS v3.1: 3.2 (Low)
Vector: AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Canva for Mac versions prior to 1.117.1
Description
The Canva for Mac desktop app, when distributed through the Mac App Store, was released without Hardened Runtime enabled. This allowed a local attacker with standard user privileges to run arbitrary code with the same permissions granted to Canva through the Transparency, Consent, and Control (TCC) framework. TCC manages user permissions for accessing protected resources on macOS.
Recommendations
Update to version 1.117.1 or later.
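A defender-side check for the condition described above, as an added example that is not part of the advisory or of Canva's code: it parses the `flags=` field printed by `codesign -dvvv` and tests the Hardened Runtime bit (0x10000) instead of matching the flag name. The sample outputs and the `Example.app` names are constructed; `audit_app` needs macOS, the parser does not.

```shell
#!/bin/sh
# Added example: decide from `codesign -dvvv` output whether Hardened Runtime is on.
CS_RUNTIME=65536   # 0x10000, the runtime bit in the CodeDirectory flags

# stdin: text printed by `codesign -dvvv <path>`; stdout: flags as a decimal number.
# Returns 1 when no CodeDirectory line is present (unsigned or unreadable code).
cd_flags() {
    hex=$(sed -n 's/^CodeDirectory .*flags=0x\([0-9A-Fa-f]*\)(.*/\1/p' | head -n 1)
    [ -n "$hex" ] || return 1
    echo $(( 0x$hex ))
}

# stdin: codesign output. Prints a verdict.
# Returns 0 = hardened, 1 = not hardened, 2 = could not determine.
runtime_verdict() {
    flags=$(cd_flags) || { echo "unknown: no CodeDirectory flags found"; return 2; }
    if [ $(( flags & CS_RUNTIME )) -ne 0 ]; then
        echo "hardened runtime: enabled"
        return 0
    fi
    echo "hardened runtime: NOT enabled"
    return 1
}

# On macOS: audit a real bundle (codesign writes these details to stderr).
audit_app() {
    codesign -dvvv "$1" 2>&1 | runtime_verdict
}

# Constructed sample outputs so the parser can be exercised offline.
SAMPLE_HARDENED='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded'

SAMPLE_PLAIN='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
CodeDirectory v=20400 size=1234 flags=0x0(none) hashes=30+7 location=embedded'

SAMPLE_ADHOC_RUNTIME='Identifier=com.example.app
CodeDirectory v=20500 size=1234 flags=0x10002(adhoc,runtime) hashes=30+7 location=embedded'

SAMPLE_UNSIGNED='/Applications/Example.app: code object is not signed at all'
```

On a Mac, `audit_app /Applications/Canva.app` (path assumed) reports the state of the installed build; the non-zero return codes make the function usable in a fleet compliance script.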
Fix
LPE
Incorrect Default Permissions
Weakness Enumeration
Related identifiers
Affected products
Canva For Mac