New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access
Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges or access sensitive data by circumventing the operating system's permissions-based model, which revolves around the Transparency, Consent, and Control (TCC)...
How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions
Cisco Talos has identified eight vulnerabilities in Microsoft applications for the macOS operating system. An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft's applications to gain their entitlements and user-granted permissions. Permissions regulate...
Microsoft Excel for macOS library injection vulnerability
Talos Vulnerability Report TALOS-2024-1976: Microsoft Excel for macOS library injection vulnerability. August 19, 2024. CVE Number: CVE-2024-43106. Summary: A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. A specially crafted library can leverage Excel’s access privileges,...
Microsoft OneNote for macOS library injection vulnerability
Talos Vulnerability Report TALOS-2024-1975: Microsoft OneNote for macOS library injection vulnerability. August 19, 2024. CVE Number: CVE-2024-41159. Summary: A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote’s access...
CVE-2024-23260
This issue was addressed by removing additional entitlements. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data...
CVE-2024-23233
This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. Entitlements and privacy permissions granted to this app may be used by a malicious app...
CVE-2024-23233
CVE-2024-23233 affects macOS Sonoma 14.4 (and prior) where entitlements and privacy permissions granted to an app could be leveraged by a malicious app. The issue was addressed with improved checks and is fixed in macOS Sonoma 14.4. Affected component is the entitlement/privacy-permission handlin...
CVE-2024-23260
CVE-2024-23260 affects macOS Sonoma before 14.4; root cause: removal of additional entitlements reduces access to user-sensitive data. Fixed in macOS Sonoma 14.4; impact: an app may be able to access user-sensitive data. No exploits detailed in provided sources.
PT-2024-19728 · Apple · Macos Sonoma +1
Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.4 Description: The issue allows entitlements and privacy permissions granted to an app to be used by a malicious app. This was addressed with improved checks. Recommendations: For macOS Sonoma versions prior ...
BuildKit interactive containers API does not validate entitlements check
...
GHSA-WR6V-9F75-VH2G Buildkit's interactive containers API does not validate entitlements check
Impact: In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if specia...
Buildkit's interactive containers API does not validate entitlements check
Impact: In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if specia...
CVE-2024-23653 BuildKit interactive containers API does not validate entitlements check
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask...
Improper Handling of Insufficient Privileges (Leaky Vessels)
Overview: Affected versions of this package are vulnerable to Improper Handling of Insufficient Privileges (Leaky Vessels) via APIs for running interactive containers based on built images. It is possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, runnin...