PT-2019-13079 · Objective Development · Little Snitch

Published

2019-08-23

Updated

2021-09-08

CVE-2019-13013

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Little Snitch versions 4.3.0 through 4.3.2

Description The issue concerns a local privilege escalation in the privileged helper tool of Little Snitch. This tool implements an XPC interface that is accessible to any process, allowing for directory listings and copying files as root.

Recommendations For versions 4.3.0 through 4.3.2, consider disabling the XPC interface in the privileged helper tool until a patch is available to prevent potential exploitation.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862CWE-264

Related Identifiers

CVE-2019-13013

Affected Products

Little Snitch

PT-2019-13079 · Objective Development · Little Snitch

CVE-2019-13013

Weakness Enumeration

Related Identifiers

Affected Products

References · 3