Описание
FrostWire 6.14.0-build-326 for macOS contains permissive entitlements (allow-dyld-environment-variables, disable-library-validation) that allow unprivileged local attackers to inject code into the FrostWire process via the DYLD_INSERT_LIBRARIES environment variable. This allows escalated privileges to arbitrary TCC-approved directories.
EPSS
Процентиль: 5%
0.00021
Низкий
5.1 Medium
CVSS3
Дефекты
CWE-269
Связанные уязвимости
CVSS3: 5.1
github
4 месяца назад
FrostWire 6.14.0-build-326 for macOS contains permissive entitlements (allow-dyld-environment-variables, disable-library-validation) that allow unprivileged local attackers to inject code into the FrostWire process via the DYLD_INSERT_LIBRARIES environment variable. This allows escalated privileges to arbitrary TCC-approved directories.
EPSS
Процентиль: 5%
0.00021
Низкий
5.1 Medium
CVSS3
Дефекты
CWE-269