Name of the Vulnerable Software and Affected Versions:
Electron Capture versions 2.19.1 and below
Description:
Electron Capture facilitates video playback for screen-sharing and capture. The `elecap` app on macOS allows local unprivileged users to bypass macOS TCC privacy protections by enabling the `ELECTRON_RUN_AS_NODE` environment variable. This allows arbitrary Node.js code to be executed via the `-e` flag, running inside the main Electron context and inheriting previously granted TCC entitlements, such as access to Documents and Downloads.
Recommendations:
Update to version 2.20.0 or later.
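
For defenders who cannot update immediately, the following is an added example (not part of the advisory or of the Electron Capture project) that checks a version string against the fixed release and flags `elecap` launches carrying `ELECTRON_RUN_AS_NODE` in process-launch telemetry. The JSON-lines event schema (`exe`, `argv`, `env`, `pid`, `user`), the install path and the sample records are assumptions constructed for illustration.

```python
import json
import os

FIXED_VERSION = (2, 20, 0)  # advisory: update to 2.20.0 or later
APP_BINARY = "elecap"       # app name from the advisory

def is_affected(version):
    """True for releases below the fixed version (2.19.1 and below)."""
    return tuple(int(p) for p in version.split(".")) < FIXED_VERSION

def classify(event):
    """Return a finding for a suspicious elecap launch, else None."""
    exe = os.path.basename(event.get("exe", "")).lower()
    # Presence of the variable is treated as suspicious regardless of value
    # (a conservative choice made for this example).
    if exe != APP_BINARY or "ELECTRON_RUN_AS_NODE" not in event.get("env", {}):
        return None
    inline = any(a in ("-e", "--eval") for a in event.get("argv", [])[1:])
    return {"pid": event.get("pid"), "user": event.get("user"),
            "inline_eval": inline, "severity": "high" if inline else "medium"}

def scan(lines):
    """Parse JSON-lines telemetry, skipping blank or malformed records."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict):
            finding = classify(event)
            if finding:
                findings.append(finding)
    return findings

# Constructed sample records; schema and paths are hypothetical.
APP = "/Applications/elecap.app/Contents/MacOS/elecap"
SAMPLE_EVENTS = [
    json.dumps({"pid": 101, "user": "alice", "exe": APP, "argv": [APP], "env": {"HOME": "/Users/alice"}}),
    json.dumps({"pid": 102, "user": "bob", "exe": APP, "argv": [APP, "-e", "console.log(1)"], "env": {"ELECTRON_RUN_AS_NODE": "1"}}),
    json.dumps({"pid": 103, "user": "bob", "exe": APP, "argv": [APP, "job.js"], "env": {"ELECTRON_RUN_AS_NODE": "1"}}),
    json.dumps({"pid": 104, "user": "carol", "exe": "/usr/local/bin/other", "argv": ["other"], "env": {"ELECTRON_RUN_AS_NODE": "1"}}),
    "{truncated record",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f)
    print("2.19.1 affected:", is_affected("2.19.1"))
```

A launch with the variable set and an inline `-e` script is rated high; the variable alone is rated medium, since a legitimate user workflow for the app does not need it.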