P1Tsi

**Name of the Vulnerable Software and Affected Versions** Canva for Mac versions prior to 1.117.1 **Description** The Canva for Mac desktop app, when distributed through the Mac App Store, was released without Hardened Runtime enabled. This allowed a local attacker with standard user privileges to run arbitrary code with the same permissions granted to Canva through the Transparency, Consent, and Control (TCC) framework. TCC manages user permissions for accessing protected resources on macOS. **Recommendations** Update to version 1.117.1 or later.