PT-2021-22925 · Sketch+1

Jon Palmisciano

·

Published

2021-09-06

·

Updated

2022-04-25

·

CVE-2021-40531

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Sketch, versions prior to 75
Description: Sketch library feeds can be used to bypass macOS file quarantine, resulting in remote code execution. A library feed can cause a file to be downloaded and opened automatically without the com.apple.quarantine extended attribute. If that file is a Terminal.app profile containing a CommandString, Terminal.app runs the command as soon as the profile is opened.
Recommendations: For Sketch versions prior to 75, update to version 75 or later, which resolves the issue. Until the update can be applied, disable external library feeds. Do not open Terminal profiles (.terminal files) from untrusted sources, and avoid profiles that set CommandString, since the command executes on open rather than after any user confirmation.
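The description combines two conditions: a Terminal.app profile that will run a CommandString when opened, and a downloaded file that lacks the com.apple.quarantine attribute. The script below is an added example (not code from the advisory, from Sketch or from Apple) showing how an analyst can test both on files in a download directory. The two sample profiles are constructed for the demonstration and are not the payload used against Sketch; the function names (`profile_command`, `quarantine_attribute`, `assess_profile`, `scan_directory`) are the example's own, and the quarantine check shells out to macOS `xattr`, so on any other host it reports the attribute as unknown rather than guessing.

```python
"""Added example, not part of the original advisory.

Two checks that follow from the description:
  1. does a Terminal.app profile (.terminal plist) carry a CommandString,
     i.e. will Terminal run a command as soon as the profile is opened?
  2. does a downloaded file still carry the com.apple.quarantine
     extended attribute that Gatekeeper relies on?
"""
import os
import plistlib
import subprocess
import sys
from typing import Dict, Optional

# Constructed sample profiles for the demonstration (not the real payload).
# The harmless command stands in for whatever an attacker would place here.
MALICIOUS_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>name</key><string>Library Theme</string>
  <key>type</key><string>Window Settings</string>
  <key>CommandString</key><string>open -a Calculator</string>
  <key>RunCommandAsShell</key><true/>
</dict>
</plist>
"""

BENIGN_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>name</key><string>Library Theme</string>
  <key>type</key><string>Window Settings</string>
  <key>BackgroundColor</key><string>black</string>
</dict>
</plist>
"""


def profile_command(profile: bytes) -> Optional[str]:
    """Return the CommandString a Terminal profile would run on open, or None."""
    try:
        data = plistlib.loads(profile)
    except Exception:  # not a plist at all: binary junk, broken XML, wrong prefix
        return None
    if not isinstance(data, dict):
        return None
    cmd = data.get("CommandString")
    if isinstance(cmd, str) and cmd.strip():
        return cmd.strip()
    return None


def quarantine_attribute(path: str) -> Optional[str]:
    """Return the com.apple.quarantine value for path, '' if the attribute is
    absent, or None if the check cannot be made (no `xattr` tool, so not macOS)."""
    try:
        proc = subprocess.run(
            ["xattr", "-p", "com.apple.quarantine", path],
            capture_output=True, text=True, check=False,
        )
    except FileNotFoundError:
        return None
    if proc.returncode != 0:  # xattr exits non-zero when the attribute is missing
        return ""
    return proc.stdout.strip()


def assess_profile(profile: bytes, quarantine: Optional[str]) -> str:
    """Combine both checks into a verdict for one downloaded .terminal file.

    quarantine is the value from quarantine_attribute(): '' means the file
    arrived with no quarantine flag, which is the bypass the advisory describes.
    """
    cmd = profile_command(profile)
    if cmd is None:
        return "benign: profile runs no command on open"
    if quarantine == "":
        return f"critical: unquarantined profile runs {cmd!r} on open"
    if quarantine is None:
        return f"warning: profile runs {cmd!r} on open (quarantine unknown)"
    return f"warning: quarantined profile runs {cmd!r} on open"


def scan_directory(directory: str) -> Dict[str, str]:
    """Assess every .terminal file in a directory (for example ~/Downloads)."""
    results: Dict[str, str] = {}
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".terminal"):
            continue
        path = os.path.join(directory, name)
        with open(path, "rb") as fh:
            results[name] = assess_profile(fh.read(), quarantine_attribute(path))
    return results


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~/Downloads")
    for name, verdict in scan_directory(target).items():
        print(f"{name}: {verdict}")
```

Run it against the directory Sketch saves library downloads to; a "critical" verdict means exactly the situation the advisory describes: a profile that executes a command on open and no quarantine attribute to make Gatekeeper intervene.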

Weakness Enumeration

Unrestricted File Upload

Related Identifiers

CVE-2021-40531

Affected Products

Sketch
Terminal.app