PT-2021-23673 · Fortinet · Forticlientmac

Published: 2021-11-02 · Updated: 2021-11-04 · CVE-2021-42754

CVSS v3.1: 5.0 (Medium)

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

FortiClientMacOS versions 7.0.0 and below

FortiClientMacOS versions 6.4.5 and below

Description

An improper control of generation of code issue may allow an authenticated attacker to hijack the MacOS camera without user permission via a malicious dylib file. This could potentially affect a significant number of devices worldwide, although the exact number is not specified. The issue involves the generation of code in a way that can be exploited by an attacker to gain unauthorized access to the camera.

Recommendations

For FortiClientMacOS versions 7.0.0 and below, update to a version above 7.0.0 to resolve the issue. For FortiClientMacOS versions 6.4.5 and below, update to a version above 6.4.5 to resolve the issue. As a temporary workaround, consider restricting access to the camera or disabling the dylib file loading functionality until a patch is available.

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2021-42754

Affected Products

Forticlientmac