360 matches found

The Hacker News
added 2024/09/03 4:1 a.m. · 26 views

New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access

Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges or access sensitive data by circumventing the operating system's permissions-based model, which revolves around the Transparency, Consent, and Control (TCC)...

7.3 AI score
Exploits: 0

Talos Blog
added 2024/08/19 10:0 a.m. · 30 views

How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions

Cisco Talos has identified eight vulnerabilities in Microsoft applications for the macOS operating system. An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft's applications to gain their entitlements and user-granted permissions. Permissions regulate...

7.3 AI score · 0.00881 EPSS
Exploits: 8

Talos
added 2024/08/19 12:0 a.m. · 45 views

Microsoft Excel for macOS library injection vulnerability

Talos Vulnerability Report TALOS-2024-1976: Microsoft Excel for macOS library injection vulnerability. August 19, 2024. CVE Number: CVE-2024-43106. Summary: A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. A specially crafted library can leverage Excel’s access privileges,...

9.1 CVSS · 6.7 AI score · 0.00722 EPSS
Exploits: 1

Talos
added 2024/08/19 12:0 a.m. · 26 views

Microsoft OneNote for macOS library injection vulnerability

Talos Vulnerability Report TALOS-2024-1975: Microsoft OneNote for macOS library injection vulnerability. August 19, 2024. CVE Number: CVE-2024-41159. Summary: A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote’s access...

7.1 CVSS · 6.7 AI score · 0.00818 EPSS
Exploits: 1

OSV
added 2024/03/08 2:15 a.m. · 7 views

CVE-2024-23260

This issue was addressed by removing additional entitlements. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data...

5.5 CVSS · 7.3 AI score · 0.00218 EPSS
Exploits: 0 · References: 3

NVD
added 2024/03/08 2:15 a.m. · 16 views

CVE-2024-23260

This issue was addressed by removing additional entitlements. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data...

5.5 CVSS · 6.9 AI score · 0.00218 EPSS
Exploits: 0 · References: 4

OSV
added 2024/03/08 2:15 a.m. · 4 views

CVE-2024-23233

This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. Entitlements and privacy permissions granted to this app may be used by a malicious app...

7.8 CVSS · 5.7 AI score · 0.0022 EPSS
Exploits: 0 · References: 3

NVD
added 2024/03/08 2:15 a.m. · 19 views

CVE-2024-23233

This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. Entitlements and privacy permissions granted to this app may be used by a malicious app...

7.8 CVSS · 6.7 AI score · 0.0022 EPSS
Exploits: 0 · References: 4

Vulnrichment
added 2024/03/08 1:35 a.m. · 16 views

CVE-2024-23233

This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. Entitlements and privacy permissions granted to this app may be used by a malicious app...

5.9 AI score · 0.0022 EPSS
Exploits: 0 · References: 1

CVE
added 2024/03/08 1:35 a.m. · 80 views

CVE-2024-23233

CVE-2024-23233 affects macOS Sonoma 14.4 (and prior) where entitlements and privacy permissions granted to an app could be leveraged by a malicious app. The issue was addressed with improved checks and is fixed in macOS Sonoma 14.4. Affected component is the entitlement/privacy-permission handlin...

7.8 CVSS · 6.5 AI score · 0.0022 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

Cvelist
added 2024/03/08 1:35 a.m. · 27 views

CVE-2024-23233

This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. Entitlements and privacy permissions granted to this app may be used by a malicious app...

6.8 AI score · 0.0022 EPSS
Exploits: 0 · References: 1

Cvelist
added 2024/03/08 1:35 a.m. · 24 views

CVE-2024-23260

This issue was addressed by removing additional entitlements. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data...

7.1 AI score · 0.00218 EPSS
Exploits: 0 · References: 1

CVE
added 2024/03/08 1:35 a.m. · 75 views

CVE-2024-23260

CVE-2024-23260 affects macOS Sonoma before 14.4; root cause: removal of additional entitlements reduces access to user-sensitive data. Fixed in macOS Sonoma 14.4; impact: an app may be able to access user-sensitive data. No exploits detailed in provided sources.

5.5 CVSS · 5.9 AI score · 0.00218 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2024/03/07 12:0 a.m. · 3 views

PT-2024-19728 · Apple · macOS Sonoma +1

Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.4. Description: The issue allows entitlements and privacy permissions granted to an app to be used by a malicious app. This was addressed with improved checks. Recommendations: For macOS Sonoma versions prior ...

7.8 CVSS · 7.8 AI score · 0.0022 EPSS
Exploits: 0 · References: 7

Microsoft CVE
added 2024/02/05 8:0 a.m. · 3 views

BuildKit interactive containers API does not validate entitlements check

...

9.8 CVSS · 6.7 AI score · 0.02983 EPSS
Exploits: 0

OSV
added 2024/01/31 10:43 p.m. · 25 views

GHSA-WR6V-9F75-VH2G Buildkit's interactive containers API does not validate entitlements check

Impact: In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if specia...

9.8 CVSS · 8.3 AI score · 0.02983 EPSS
Exploits: 0 · References: 7

GitHub Security Blog
added 2024/01/31 10:43 p.m. · 32 views

Buildkit's interactive containers API does not validate entitlements check

Impact: In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if specia...

9.8 CVSS · 6.9 AI score · 0.02983 EPSS
Exploits: 0 · References: 7 · Affected Software: 1

Vulnrichment
added 2024/01/31 10:3 p.m. · 31 views

CVE-2024-23653 BuildKit interactive containers API does not validate entitlements check

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask...

9.8 CVSS · 6.9 AI score · 0.02983 EPSS
Exploits: 0 · References: 3

Cvelist
added 2024/01/31 10:3 p.m. · 28 views

CVE-2024-23653 BuildKit interactive containers API does not validate entitlements check

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask...

9.8 CVSS · 9.7 AI score · 0.02983 EPSS
Exploits: 0 · References: 3

Snyk
added 2023/12/11 12:0 p.m. · 2 views

Improper Handling of Insufficient Privileges (Leaky Vessels)

Overview: Affected versions of this package are vulnerable to Improper Handling of Insufficient Privileges (Leaky Vessels) via APIs for running interactive containers based on built images. It is possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, runnin...

9.8 CVSS · 7 AI score · 0.02983 EPSS
Exploits: 0 · References: 2