6 matches found
CVE-2024-27301
Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang !/bin/zsh is being used...
CVE-2024-27301
creationtimestamp| type| source ---|---|--- 2024-03-14 20:27:03+00:00| seen| https://t.me/ctinow/208106 2024-03-14 20:32:05+00:00| seen| https://t.me/ctinow/208120...
CVE-2024-27301 Privilege Escalation Abusing installer in SupportApp
Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang !/bin/zsh is being used...
CVE-2024-27301 Privilege Escalation Abusing installer in SupportApp
Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang !/bin/zsh is being used...
CVE-2024-27301
CVE-2024-27301 affects Support App (Apple devices management). The root cause is in the postinstall installer script using shebang #!/bin/zsh, which prompts for root credentials but executes within the user’s HOME, loading $HOME/.zshenv; an attacker can inject code into that file to gain root pri...
CVE-2024-27301 Privilege Escalation Abusing installer in SupportApp
Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang !/bin/zsh is being used...