Carlospolop

**Name of the Vulnerable Software and Affected Versions** Support App versions prior to 2.5.1 Rev 2 **Description** The issue is related to the postinstall installer script, which can be abused to execute arbitrary code as root due to the use of the shebang `#!/bin/zsh`. When the installer is executed, it loads the file `$HOME/.zshenv`, allowing an attacker to add malicious code and escalate privileges on the system. **Recommendations** For versions prior to 2.5.1 Rev 2, upgrade to version 2.5.1 Rev 2 to address the issue. As a temporary workaround, consider restricting access to the `$HOME/.zshenv` file to minimize the risk of exploitation. Avoid using the postinstall installer script until the issue is resolved.