PT-2025-25172 · Unknown · Rocket.Chat

Carlos Garrido · Published 2025-06-10 · Updated 2025-06-11 · CVE-2024-8270

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Rocket.Chat (affected versions not specified)

Description

The issue allows bypassing Transparency, Consent, and Control (TCC) policies, enabling exploitation or abuse of the permissions specified in the application's entitlements, such as microphone, camera, automation, and network client. The application is vulnerable to DYLIB injection attacks because it is neither signed with the Hardened Runtime nor set to enforce Library Validation, which can lead to unauthorized actions or escalation of permissions. As a result, an attacker gains capabilities that are not permitted by default under the Sandbox and its application profile.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
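
A check for the condition described above, as an added example that is not part of the original advisory or of Rocket.Chat's code: it parses saved `codesign -dv` output and an entitlements plist, then reports a missing Hardened Runtime or unenforced Library Validation. The function names and sample inputs are constructed for illustration, and the entitlements are assumed to be in plist XML form.

```python
import re

# Code-signing flag bits as defined in Apple's cs_blobs.h
CS_REQUIRE_LV = 0x2000   # Library Validation required
CS_RUNTIME = 0x10000     # Hardened Runtime

ENT_DISABLE_LV = "com.apple.security.cs.disable-library-validation"
ENT_ALLOW_DYLD = "com.apple.security.cs.allow-dyld-environment-variables"

def _ent_true(key, plist_xml):
    """True when the entitlement key is set to <true/> in the plist XML."""
    return re.search(re.escape(key) + r"</key>\s*<true\s*/>", plist_xml) is not None

def audit_signature(codesign_text, entitlements_xml=""):
    """Return a list of findings for one signed binary.

    codesign_text:    captured output of `codesign -dv <app>` (written to stderr)
    entitlements_xml: the binary's entitlements as plist XML ("" if none)
    """
    m = re.search(r"^CodeDirectory\b.*\bflags=0x([0-9a-fA-F]+)", codesign_text, re.M)
    if m is None:
        return ["no CodeDirectory flags found (unsigned or unparsable)"]
    flags = int(m.group(1), 16)
    hardened = bool(flags & CS_RUNTIME)
    # The Hardened Runtime implies Library Validation unless an entitlement opts out.
    lv = (hardened or bool(flags & CS_REQUIRE_LV)) and not _ent_true(ENT_DISABLE_LV, entitlements_xml)
    findings = []
    if not hardened:
        findings.append("Hardened Runtime not enabled")
    if not lv:
        findings.append("Library Validation not enforced")
    if _ent_true(ENT_ALLOW_DYLD, entitlements_xml):
        findings.append("DYLD_* environment variables allowed by entitlement")
    return findings

# Constructed sample inputs (not taken from any real application)
SAMPLE_UNHARDENED = (
    "Executable=/Applications/Example.app/Contents/MacOS/Example\n"
    "Identifier=com.example.app\n"
    "CodeDirectory v=20400 size=512 flags=0x0(none) hashes=8+5 location=embedded\n"
)
SAMPLE_HARDENED = SAMPLE_UNHARDENED.replace("flags=0x0(none)", "flags=0x10000(runtime)")
SAMPLE_ENTITLEMENTS = (
    '<plist version="1.0"><dict>\n'
    "<key>com.apple.security.device.camera</key><true/>\n"
    "<key>com.apple.security.cs.disable-library-validation</key><true/>\n"
    "</dict></plist>\n"
)
```

An empty list means the binary is signed with the Hardened Runtime and no entitlement relaxes library loading; a build with camera or microphone entitlements that returns either of the first two findings matches the exposure this entry describes.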

Weakness Enumeration

Incorrect Authorization

Related Identifiers

CVE-2024-8270

Affected Products

Rocket.Chat