Code injection

2023-11-0915:15:00

PRIOn knowledge base

www.prio-n.com

code injection

macos

privileged helper

arbitrary commands

local user

nvd

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process.

CPENameOperatorVersion
appsanywhere_clienteq1.4.1
appsanywhere_clienteq1.5.1
appsanywhere_clienteq1.5.2
appsanywhere_clienteq1.6.0
appsanywhere_clienteq2.0.0
appsanywhere_clienteq1.4.0

Name	Operator	Version
appsanywhere_client	eq	1.4.1
appsanywhere_client	eq	1.5.1
appsanywhere_client	eq	1.5.2
appsanywhere_client	eq	1.6.0
appsanywhere_client	eq	2.0.0
appsanywhere_client	eq	1.4.0

References

docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory