PT-2020-11281 · Apple · Gatekeeper+1

Filippo Cavallarin · Published 2020-10-27 · Updated 2020-11-04 · CVE-2019-8656

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

macOS versions prior to 10.14.6
Security Update versions prior to 2019-004 High Sierra
Security Update versions prior to 2019-004 Sierra

Description

The issue allows an attacker to bypass Gatekeeper by means of a zip file that, when extracted, yields a symbolic link to an endpoint in an attacker-controlled NFS mount. The bypass relies on files that are mounted through a network share.

Recommendations

For macOS versions prior to 10.14.6, update to macOS Mojave 10.14.6.
For Security Update versions prior to 2019-004 High Sierra, apply Security Update 2019-004 High Sierra.
For Security Update versions prior to 2019-004 Sierra, apply Security Update 2019-004 Sierra.

Related Identifiers

CVE-2019-8656

Affected Products

Gatekeeper
Apple macOS