PT-2024-8517 · Fortinet · Forticlient

Published: 2024-11-12 · Updated: 2024-11-14 · CVE-2024-40592

CVSS v3.1: 7.5 (High)
Vector: AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: FortiClient MacOS versions 7.4.0, 7.2.4 and below, 7.0.10 and below, 6.4.10 and below

Description: The issue is related to an improper verification of cryptographic signature, which may allow a local authenticated attacker to swap the installer with a malicious package via a race condition during the installation process. This could potentially impact the confidentiality, integrity, and availability of information.

Recommendations: For versions 7.4.0, 7.2.4 and below, 7.0.10 and below, 6.4.10 and below, consider disabling the installation process until a patch is available to prevent exploitation. As a temporary workaround, restrict access to the installation module to minimize the risk of exploitation. Avoid using the affected FortiClient MacOS versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
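The weakness class described above (a signature check that is separated from the install step, so a package swapped in between inherits the trust earned by the check) is illustrated below with an added example. It is not FortiClient or Fortinet code and says nothing about how the product's installer is built: a SHA-256 digest compared against a trusted value stands in for real code-signing verification, the file names and payloads are constructed, and the swap inside the check/use window is simulated by a callback instead of a racing process so that the script runs stand-alone.

```python
"""Added example, not Fortinet code: a path-based installer verifier beside a
hardened one that binds the signature check to the bytes it installs.

Assumptions (all constructed for the demo):
  - is_trusted() compares a SHA-256 digest; it stands in for signature checking.
  - the swap in the check/use window is driven by a callback, not a real race.
"""
import hashlib
import os
import stat
import tempfile
from typing import Callable, Optional

# Constructed: the only installer content this demo treats as properly signed.
TRUSTED_PAYLOAD = b"trusted installer payload"
TRUSTED_DIGEST = hashlib.sha256(TRUSTED_PAYLOAD).hexdigest()

Swap = Optional[Callable[[], None]]


def is_trusted(data: bytes) -> bool:
    """Stand-in for signature verification: does the content match what we trust?"""
    return hashlib.sha256(data).hexdigest() == TRUSTED_DIGEST


def install_by_path(path: str, swap: Swap = None) -> bytes:
    """TOCTOU-prone pattern: verify by path, then re-open the path to install.

    Whoever can write to the directory holding `path` between the two opens
    gets their content installed with the trust earned by the first open.
    """
    with open(path, "rb") as f:
        if not is_trusted(f.read()):
            raise ValueError("signature check failed")
    if swap:
        swap()  # simulated race: installer replaced inside the check/use window
    with open(path, "rb") as f:  # second open resolves the path again
        return f.read()  # the bytes returned are what gets "installed"


def install_verified_bytes(path: str, swap: Swap = None) -> bytes:
    """Hardened pattern: open once, verify what was opened, install exactly that.

    The descriptor is bound to the inode that was opened, so a rename-style
    replacement of the path afterwards is never seen, and the verified bytes
    are the installed bytes. O_NOFOLLOW plus the regular-file check close the
    symlink and special-file variants of the same swap.
    """
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise ValueError("installer is not a regular file")
        with os.fdopen(fd, "rb") as f:  # fdopen takes ownership of fd
            fd = -1
            data = f.read()
    finally:
        if fd != -1:
            os.close(fd)
    if not is_trusted(data):
        raise ValueError("signature check failed")
    if swap:
        swap()  # same simulated race: too late, `data` is already fixed
    return data


def demo() -> dict:
    """Run both installers against a file swapped in the check/use window."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "installer.pkg")  # constructed name
    untrusted = b"attacker-supplied package"       # constructed stand-in

    def write(data: bytes) -> None:
        with open(path, "wb") as f:
            f.write(data)

    def swap() -> None:
        # Replace the installer atomically, the way a package swap would.
        tmp = path + ".new"
        with open(tmp, "wb") as f:
            f.write(untrusted)
        os.replace(tmp, path)

    results = {}
    write(TRUSTED_PAYLOAD)
    results["by_path"] = install_by_path(path, swap)               # untrusted wins
    write(TRUSTED_PAYLOAD)
    results["verified_bytes"] = install_verified_bytes(path, swap)  # trusted kept
    return results


if __name__ == "__main__":
    for name, installed in demo().items():
        print(f"{name}: installed trusted content: {installed == TRUSTED_PAYLOAD}")
```

The point for reviewers and detection engineers is the shape of the fix rather than the digest arithmetic: a signature check is only as good as the binding between the object checked and the object used. Verifying a file that still sits in a location writable by the local user, then installing it by name, leaves exactly the window this advisory describes; copying the package into a protected directory before verification, or verifying the opened handle and installing from it, removes the window. The advisory's interim advice (restricting access to the installation module) is a narrower version of the same idea.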

Weakness Enumeration

Improper Verification of Cryptographic Signature
Time Of Check To Time Of Use

Related Identifiers

BDU:2024-10077
CVE-2024-40592

Affected Products

Forticlient