Submit #468013: https://www.wps.com/ WPS Mac 6.14.0 Privilege Defined With Unsafe Actionsinfo

Titelhttps://www.wps.com/ WPS Mac 6.14.0 Privilege Defined With Unsafe Actions
BeschreibungThe Mac version of the WPS app does not have the Hardened Runtime (macOS Hardened Runtime) signing option enabled, which is a security mechanism designed to prevent code injection attacks (such as DYLD_INSERT_LIBRARY injection, dylib hijacking). Without this protection, an attacker can load a specified malicious dylib into the WPS process, thereby inheriting the access rights of WPS and bypassing the TCC (Transparency, Consent and Control) mechanism.
Quelle⚠️ https://github.com/Rsec-1/wps
Benutzer
 RSec (UID 79422)
Einreichung23.12.2024 17:14 (vor 1 Jahr)
Moderieren08.01.2025 12:57 (16 days later)
StatusAkzeptiert
VulDB Eintrag290779 [Kingsoft WPS Office 6.14.0 auf macOS TCC erweiterte Rechte]
Punkte20

ZurückÜbersichtWeiter

Want to know what is going to be exploited?

We predict KEV entries!