PT-2025-34757 · Macvim · Macvim
Karol Mazurek
·
Published
2025-08-26
·
Updated
2025-08-26
·
CVE-2025-8597
CVSS v4.0
4.8
Medium
| Vector | AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
MacVim (affected versions not specified)
Description:
MacVim’s configuration on macOS, specifically the presence of the “com.apple.security.get-task-allow” entitlement, allows local attackers with unprivileged access to attach a debugger, read or modify process memory, and inject code into the application's context, even with Hardened Runtime and bypassing Transparency, Consent, and Control (TCC). Resource access is limited to previously granted user permissions; access beyond these requires user interaction with a system prompt. The absence of a prompt when the target process has the “get-task-allow” entitlement is considered a security issue as it removes a step needed to perform an attack.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Macvim