Jon Palmisciano

**Name of the Vulnerable Software and Affected Versions** Sketch versions prior to 75 **Description** The issue allows library feeds to be used to bypass file quarantine, resulting in remote code execution. This can be achieved by using a CommandString in a terminal profile to Terminal.app, allowing files to be automatically downloaded and opened without the com.apple.quarantine extended attribute. **Recommendations** For Sketch versions prior to 75, update to version 75 or later to resolve the issue. As a temporary workaround, consider disabling the use of external library feeds until a patch is available. Restrict access to terminal profiles and avoid using CommandString to minimize the risk of exploitation.