| タイトル | https://www.wps.com/ WPS Mac 6.14.0 Privilege Defined With Unsafe Actions |
|---|
| 説明 | The Mac version of the WPS app does not have the Hardened Runtime (macOS Hardened Runtime) signing option enabled, which is a security mechanism designed to prevent code injection attacks (such as DYLD_INSERT_LIBRARY injection, dylib hijacking). Without this protection, an attacker can load a specified malicious dylib into the WPS process, thereby inheriting the access rights of WPS and bypassing the TCC (Transparency, Consent and Control) mechanism. |
|---|
| ソース | ⚠️ https://github.com/Rsec-1/wps |
|---|
| ユーザー | RSec (UID 79422) |
|---|
| 送信 | 2024年12月23日 17:14 (1 年 ago) |
|---|
| モデレーション | 2025年01月08日 12:57 (16 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 290779 [Kingsoft WPS Office 6.14.0 上 macOS TCC 特権昇格] |
|---|
| ポイント | 20 |
|---|