PT-2020-14381 · Binarynights · Forklift
Birk Kauer · Published 2020-11-14 · Updated 2021-07-21 · CVE-2020-15349
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
BinaryNights ForkLift versions 3.x before 3.4
Description
The issue is a local privilege escalation caused by the implementation of an XPC interface in the privileged helper tool. This interface allows any process to perform file operations such as copy, move, and delete as root, and also to change permissions.
Recommendations
For BinaryNights ForkLift versions 3.x before 3.4, update to version 3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the XPC interface implemented by the privileged helper tool to minimize the risk of exploitation.
Exploit
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Forklift