| 제목 | https://www.wps.com/ WPS Mac 6.14.0 Privilege Defined With Unsafe Actions |
|---|
| 설명 | The Mac version of the WPS app does not have the Hardened Runtime (macOS Hardened Runtime) signing option enabled, which is a security mechanism designed to prevent code injection attacks (such as DYLD_INSERT_LIBRARY injection, dylib hijacking). Without this protection, an attacker can load a specified malicious dylib into the WPS process, thereby inheriting the access rights of WPS and bypassing the TCC (Transparency, Consent and Control) mechanism. |
|---|
| 원천 | ⚠️ https://github.com/Rsec-1/wps |
|---|
| 사용자 | RSec (UID 79422) |
|---|
| 제출 | 2024. 12. 23. PM 05:14 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 01. 08. PM 12:57 (16 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 290779 [Kingsoft WPS Office 6.14.0 켜짐 macOS TCC 권한 상승] |
|---|
| 포인트들 | 20 |
|---|