CVE-2025-5963

Name of the Vulnerable Software and Affected Versions: Postbox versions (affected versions not specified)

Description: The Postbox's configuration on macOS allows for Dynamic Library (Dylib) injection due to the presence of certain entitlements. A local attacker with unprivileged access can use environment variables like DYLD INSERT LIBRARIES to inject code in the application's context and bypass Transparency, Consent, and Control (TCC). The acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted permissions requires user interaction with a system prompt asking for permission.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.