CVE-2025-24091
An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service (DoS) - Circumvention of security measure - Execution of arbitrary code (root/admin privileges) - Execution o...
GHSA-XMVV-W44W-J8WX Mattermost Desktop App allows the bypass of Transparency, Consent, and Control (TCC) via code injection
Mattermost Desktop App versions =5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection...
Mattermost Desktop App allows the bypass of Transparency, Consent, and Control (TCC) via code injection
Mattermost Desktop App versions =5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection...
CVE-2025-1398
Mattermost Desktop App versions =5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control (TCC) via code injection...
CVE-2025-1398
Mattermost Desktop App (Mac) versions
CVE-2024-54463
This issue was addressed with improved entitlements. This issue is fixed in macOS Sequoia 15. An app may be able to access removable volumes without user consent...
CVE-2024-55950
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.216, Tabby terminal emulator contains overly permissive entitlements that are unnecessary for its core functionality and plugin system, creating potential security vulnerabilities. The application currently holds...
CVE-2024-55950
Tabby (formerly Terminus) prior to version 1.0.216 is affected by a vulnerability caused by overly permissive entitlements that enable dangerous capabilities (camera, microphone, and access to personal folders) through Apple Events, plus entitlements that can permit code injection. The root cause...
CVE-2024-55950 Tabby has a TCC Bypass via Unnecessary Permissive Entitlements in Tabby
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.216, Tabby terminal emulator contains overly permissive entitlements that are unnecessary for its core functionality and plugin system, creating potential security vulnerabilities. The application currently holds...
PT-2024-36614 · Tabby · Tabby
Name of the Vulnerable Software and Affected Versions: Tabby versions prior to 1.0.216 Description: The Tabby terminal emulator contains overly permissive entitlements that are unnecessary for its core functionality and plugin system, creating potential security vulnerabilities. The application...
CVE-2024-8272
CVE-2024-8272 affects macOS Universal Audio (UAConnect) and targets the com.uaudio.bsd.helper service. The issue is a missing validation of clients during XPC IPC: the service does not verify code requirements, entitlements, or security flags of connecting clients, enabling unauthorized clients t...
Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser
Microsoft has disclosed details about a now-patched security flaw in Apple's Transparency, Consent, and Control (TCC) framework in macOS that has likely come under exploitation to get around a user's privacy preferences and access data. The shortcoming, codenamed HM Surf by the tech giant, is track...
CVE-2024-45599
Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, any program that is run on the machine is able to access the camera or the microphone without explicitly being granted access, through a DyLib...
PT-2024-31700 · Cursor · Cursor
Name of the Vulnerable Software and Affected Versions: Cursor versions prior to 0.41.0 Description: The issue affects Cursor, an artificial intelligence code editor, on macOS. If a user has granted Cursor access to the camera or microphone, any program run on the machine can access these devices...
New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access
Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges or access sensitive data by circumventing the operating system's permissions-based model, which revolves around the Transparency, Consent, and Control (TCC)...