PT-2017-15468 · Objective Development · Little Snitch
Published
2017-04-06
·
Updated
2020-11-09
·
CVE-2017-2675
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Little Snitch versions 3.0 through 3.7.3
Description
The issue is related to a local privilege escalation in the installer part, specifically concerning the installation of the configuration file
at.obdev.littlesnitchd.plist to /Library/LaunchDaemons.Recommendations
For versions 3.0 through 3.7.3, consider removing the vulnerable configuration file
at.obdev.littlesnitchd.plist from /Library/LaunchDaemons as a temporary mitigation measure.
At the moment, there is no information about a newer version that contains a fix for this vulnerability. Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Little Snitch