CVE-2020-14977

Name of the Vulnerable Software and Affected Versions F-Secure SAFE version 17.7

Description An issue was discovered in F-Secure SAFE on macOS, where the XPC services use the PID to identify the connecting client. This allows an attacker to perform a PID reuse attack, connect to a privileged XPC service, and execute privileged commands on the system. The attacker needs to execute code on an already compromised machine.

Recommendations For F-Secure SAFE version 17.7, consider restricting access to the XPC services as a temporary workaround until a patch is available. Additionally, ensure that no unauthorized code is executed on the system to prevent exploitation of this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.