Swayzgl1Tzyyy

**Name of the Vulnerable Software and Affected Versions** Trilium Notes versions prior to 0.102.2 **Description** The Electron configuration allows a TCC Bypass via Prompt Spoofing, where TCC (Transparency, Consent, and Control) is the macOS security framework that manages permissions for sensitive resources. Local attackers can execute malicious code under the identity of the trusted application to trigger misleading permission prompts. This occurs because the `RunAsNode` fuse enables launching the application in a special Node.js mode using the `-e` flag to execute arbitrary system commands with the application's permissions. By using a subprocess, an attacker can request access to TCC-protected resources such as the camera, microphone, screen, and folders like `~/Documents` and `~/Downloads`. Since macOS treats the subprocess as part of the parent application, the system prompt appears to originate from the trusted app, facilitating social engineering attacks. **Recommendations** Update to version 0.102.2.

**Name of the Vulnerable Software and Affected Versions** Mullvad VPN versions prior to 2026.2-beta1 **Description** Mullvad VPN on macOS may allow local privilege escalation during installation or upgrade. The installer package executes binaries from '/Applications/Mullvad VPN.app' without verifying if the bundle is attacker-controlled or if the path is the legitimate application. A user in the admin group can pre-place a crafted application bundle at that location to achieve code execution as root. **Recommendations** Update to version 2026.2-beta1.

**Name of the Vulnerable Software and Affected Versions** macOS Sequoia versions prior to 15.7.7 macOS Sonoma versions prior to 14.8.7 macOS Tahoe versions prior to 26.5 **Description** A logging issue involving insufficient data redaction exists, which could allow a malicious application to break out of its sandbox. A sandbox is a security mechanism for separating running programs to prevent them from accessing unauthorized resources. **Recommendations** Update macOS Sequoia to version 15.7.7. Update macOS Sonoma to version 14.8.7. Update macOS Tahoe to version 26.5.

**Name of the Vulnerable Software and Affected Versions** FrostWire version 6.14.0-build-326 **Description** The software has permissive entitlements, specifically `allow-dyld-environment-variables` and `disable-library-validation`. These entitlements permit unprivileged local attackers to inject code into the FrostWire process using the `DYLD INSERT LIBRARIES` environment variable. This code injection can lead to escalated privileges within TCC-approved directories. The `DYLD INSERT LIBRARIES` environment variable is used to load shared libraries into a process, potentially overriding existing functionality or introducing malicious code. TCC (Transparency, Consent, and Control) is a macOS security framework that manages user permissions for accessing resources. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iHongRen pptp-vpn versions 1.0 and 1.0.1 **Description** A security issue has been identified in iHongRen pptp-vpn on macOS. The problem resides in the `shouldAcceptNewConnection` function within the `HelpTool/HelperTool.m` file of the XPC Service component, leading to missing authentication. This allows local attackers to bypass authentication mechanisms. The exploit for this issue is publicly available. The vendor was informed of this issue but did not provide a response. **Recommendations** For iHongRen pptp-vpn version 1.0, restrict access to the vulnerable component XPC Service. For iHongRen pptp-vpn version 1.0.1, restrict access to the vulnerable component XPC Service.

**Name of the Vulnerable Software and Affected Versions** Magnetism Studios Endurance versions up to 3.3.0 **Description** A security issue exists in Magnetism Studios Endurance on macOS. The `loadModuleNamed:WithReply` function within the file `/Applications/Endurance.app/Contents/Library/LaunchServices/com.MagnetismStudios.endurance.helper` component, specifically the NSXPC Interface, is susceptible to manipulation that can result in missing authentication. The attack requires local access. **Recommendations** Versions prior to 3.3.0 should be updated.

**Name of the Vulnerable Software and Affected Versions** AIBattery versions up to 1.0.9 **Description** A vulnerability exists in AIBattery that results in missing authentication. The issue is located in an unknown function within the `AIBatteryHelper/XPC/BatteryXPCService.swift` file of the `com.collweb.AIBatteryHelper` component. Exploitation requires local access. The exploit for this issue has been made public. **Recommendations** AIBattery versions prior to 1.0.9 should be updated.

**Name of the Vulnerable Software and Affected Versions** alaneuler batteryKid versions 2.0 through 2.1 **Description** A weakness has been identified in alaneuler batteryKid on macOS. The affected element is an unknown function within the file `PrivilegeHelper/PrivilegeHelper.swift` of the `NSXPCListener` component. This manipulation results in missing authentication, allowing for local attacks. The exploit has been made publicly available. **Recommendations** Restrict access to the `NSXPCListener` component. Disable the affected function `PrivilegeHelper/PrivilegeHelper.swift`.

Name of the Vulnerable Software and Affected Versions: Mihomo Party versions through 1.8.1 Description: A vulnerability exists in Mihomo Party up to version 1.8.1 on macOS. The issue is related to the `enableSysProxy` function within the `src/main/sys/sysproxy.ts` file of the Socket Handler component, resulting in the creation of a temporary file with insecure permissions. The attack requires local access and is characterized by high complexity and difficult exploitability. The exploit is publicly available. Recommendations: Versions prior to 1.8.1 are recommended. As a temporary workaround, consider restricting access to the `enableSysProxy()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Electron Capture versions 2.19.1 and below **Description** Electron Capture facilitates video playback for screen-sharing and capture. The elecap app on macOS allows local unprivileged users to bypass macOS TCC (Transparency, Consent, and Control) privacy protections by enabling the `ELECTRON RUN AS NODE` environment variable. This variable allows arbitrary Node.js code to be executed via the `-e` flag, which runs inside the main Electron context, inheriting any previously granted TCC entitlements (such as access to Documents, Downloads, etc.). **Recommendations** Update to version 2.20.0 or later.

**Name of the Vulnerable Software and Affected Versions** Pearcleaner versions 4.4.0 through 4.5.1 **Description** Pearcleaner is a macOS application cleaner. The PearcleanerHelper, a privileged helper tool bundled with the application, registers an XPC service (`com.alienator88.Pearcleaner.PearcleanerHelper`) that accepts unauthenticated connections from any local process. This service exposes a method that executes arbitrary shell commands, allowing local unprivileged users to escalate privileges to root after the helper is approved and active. **Recommendations** Update to version 4.5.2 or later.