| Title | https://www.wps.com/ WPS Mac 6.14.0 Privilege Defined With Unsafe Actions |
|---|
| Description | The Mac version of the WPS app does not have the Hardened Runtime (macOS Hardened Runtime) signing option enabled, which is a security mechanism designed to prevent code injection attacks (such as DYLD_INSERT_LIBRARY injection, dylib hijacking). Without this protection, an attacker can load a specified malicious dylib into the WPS process, thereby inheriting the access rights of WPS and bypassing the TCC (Transparency, Consent and Control) mechanism. |
|---|
| Source | ⚠️ https://github.com/Rsec-1/wps |
|---|
| User | RSec (UID 79422) |
|---|
| Submission | 12/23/2024 17:14 (1 Year ago) |
|---|
| Moderation | 01/08/2025 12:57 (16 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 290779 [Kingsoft WPS Office 6.14.0 on macOS TCC code injection] |
|---|
| Points | 20 |
|---|