Lucene search
+L

6 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 3:53 a.m.14 views

CVE-2024-27301

Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang !/bin/zsh is being used...

7.3CVSS7.4AI score0.00321EPSS
Exploits1References1
Circl
Circl
added 2024/03/14 8:27 p.m.6 views

CVE-2024-27301

creationtimestamp| type| source ---|---|--- 2024-03-14 20:27:03+00:00| seen| https://t.me/ctinow/208106 2024-03-14 20:32:05+00:00| seen| https://t.me/ctinow/208120...

7.3CVSS4.8AI score0.00321EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/03/14 6:37 p.m.39 views

CVE-2024-27301 Privilege Escalation Abusing installer in SupportApp

Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang !/bin/zsh is being used...

7.3CVSS7.5AI score0.00321EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/03/14 6:37 p.m.21 views

CVE-2024-27301 Privilege Escalation Abusing installer in SupportApp

Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang !/bin/zsh is being used...

7.3CVSS7.9AI score0.00321EPSS
Exploits1References2
CVE
CVE
added 2024/03/14 6:37 p.m.81 views

CVE-2024-27301

CVE-2024-27301 affects Support App (Apple devices management). The root cause is in the postinstall installer script using shebang #!/bin/zsh, which prompts for root credentials but executes within the user’s HOME, loading $HOME/.zshenv; an attacker can inject code into that file to gain root pri...

7.3CVSS7.4AI score0.00321EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/03/14 6:37 p.m.26 views

CVE-2024-27301 Privilege Escalation Abusing installer in SupportApp

Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang !/bin/zsh is being used...

7.3CVSS7.7AI score0.00321EPSS
Exploits1References4
Rows per page
Query Builder