| عنوان | https://www.wps.com/ WPS Mac 6.14.0 Privilege Defined With Unsafe Actions |
|---|
| الوصف | The Mac version of the WPS app does not have the Hardened Runtime (macOS Hardened Runtime) signing option enabled, which is a security mechanism designed to prevent code injection attacks (such as DYLD_INSERT_LIBRARY injection, dylib hijacking). Without this protection, an attacker can load a specified malicious dylib into the WPS process, thereby inheriting the access rights of WPS and bypassing the TCC (Transparency, Consent and Control) mechanism. |
|---|
| المصدر | ⚠️ https://github.com/Rsec-1/wps |
|---|
| المستخدم | RSec (UID 79422) |
|---|
| ارسال | 23/12/2024 05:14 PM (1 سنة منذ) |
|---|
| الاعتدال | 08/01/2025 12:57 PM (16 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 290779 [Kingsoft WPS Office 6.14.0 على macOS TCC تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|