Karmaz95

**Name of the Vulnerable Software and Affected Versions** Arduino IDE versions prior to 2.3.7 **Description** Arduino IDE for macOS, before version 2.3.7, had overly permissive security entitlements. This configuration bypassed macOS Hardened Runtime protections, allowing attackers to inject malicious dynamic libraries into the application process. Successful exploitation granted attackers access to all Transparency, Consent, and Control (TCC) permissions assigned to the application. **Recommendations** Update to version 2.3.7 or later.

**Name of the Vulnerable Software and Affected Versions** Arduino IDE versions prior to 2.3.7 **Description** Arduino IDE for macOS, before version 2.3.7, was installed with overly permissive file permissions on critical application components. This allowed any local user to replace legitimate files with malicious code. When another user launched the application, the malicious code would execute with their privileges, potentially leading to privilege escalation and unauthorized access to sensitive data. **Recommendations** Update to version 2.3.7 or later.

**Name of the Vulnerable Software and Affected Versions** Mattermost versions prior to 6.0.0 **Description** The Mattermost Desktop App does not enable the Hardened Runtime when packaged for the Mac App Store for versions prior to 6.0.0. This allows an attacker to obtain TCC permissions by copying the application binary to a temporary folder. TCC (Transparency, Consent, and Control) is a macOS security feature that manages user permissions for accessing protected resources. Inheriting these permissions could allow unauthorized access to sensitive data. **Recommendations** Update to Mattermost Desktop App version 6.0.0 or later.

**Name of the Vulnerable Software and Affected Versions** Sparkle framework versions prior to 2.7.2 **Description** The Sparkle framework includes an XPC service, `Downloader.xpc`, which is, by default, private to the application it is bundled with. A local, unprivileged attacker can register this XPC service globally, inheriting the application’s TCC permissions. The lack of validation of connecting clients allows the attacker to copy TCC-protected files to an arbitrary location. Access to other resources beyond granted permissions requires user interaction with a system prompt asking for permission. **Recommendations** Update to Sparkle framework version 2.7.2 or later.

**Name of the Vulnerable Software and Affected Versions** Sparkle versions prior to 2.7.2 **Description** The Sparkle framework’s Autoupdate tool lacks authentication for connecting clients. This allows a local, unprivileged attacker to request the installation of a crafted malicious PKG file, leading to local privilege escalation to root privileges. The Autoupdate tool can be manually spawned via the Installer XPC service, but this requires the victim to enter credentials upon system authorization dialog creation, which can be modified by the attacker. **Recommendations** Upgrade to version 2.7.2.