CVE-2026-49237 Local Privilege Escalation in Canonical Multipass

An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries multipass, qemu-img, qemu-system-aarch64,...

CVE-2026-49237

Summary of CVE-2026-49237 : Canonical Multipass for macOS (before 1.16.3) is affected due to an incomplete fix for CVE-2025-5199. After the 1.16.0 patch, the multipassd daemon binary is owned by root:wheel, but five co-located binaries in /Library/Application Support/com.canonical.multipass/bin/ ...

Fortinet FortiClientMAC Resource Management Error Vulnerability

Fortinet FortiClientMAC is a U.S. fly tower Fortinet company based on macOS platform security tools. Fortinet FortiClientMAC has a resource management error vulnerability that stems from improper allocation of critical resource permissions, which can be exploited by an attacker to cause a local...

CVE-2025-57741

An Incorrect Permission Assignment for Critical Resource vulnerability CWE-732 in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitrary code or commands via LaunchDaemon hijacking...

CVE-2025-57741

An Incorrect Permission Assignment for Critical Resource vulnerability CWE-732 in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitrary code or commands via LaunchDaemon hijacking...

CVE-2025-57741

FortiClientMac has an Incorrect Permission Assignment for a Critical Resource vulnerability (CWE-732) affecting versions 7.0–7.2.11 and 7.4.0–7.4.3. The issue enables a local attacker to execute arbitrary code via LaunchDaemon hijacking due to improper resource permissions. Remediation per PT-202...

CVE-2025-57741

An Incorrect Permission Assignment for Critical Resource vulnerability CWE-732 in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitrary code or commands via LaunchDaemon hijacking...

Fortinet FortiClientMAC 安全漏洞

Fortinet FortiClientMAC is a U.S. fly tower Fortinet company based on macOS platform security tools. Fortinet FortiClientMAC has a resource management error vulnerability that stems from improper allocation of critical resource permissions, which can be exploited by an attacker to cause a local...

PT-2025-41963

Name of the Vulnerable Software and Affected Versions FortiClientMac versions 7.0 through 7.2.11 FortiClientMac versions 7.4.0 through 7.4.3 Description An incorrect permission assignment for a critical resource may allow a local attacker to run arbitrary code or commands via LaunchDaemon...

EUVD-2006-0647

Malware in sbrugna...

EUVD-2025-11944

Malicious code in bioql PyPI...

New macOS XCSSET Variant Targets Firefox with Clipper and Persistence Module

Cybersecurity researchers have discovered an updated version of a known Apple macOS malware called XCSSET that has been observed in limited attacks. "This new variant of XCSSET brings key changes related to browser targeting, clipboard hijacking, and persistence mechanisms," the Microsoft Threat...

XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory

Microsoft Threat Intelligence has identified yet another XCSSET variant in the wild that introduces further updates and new modules beyond those detailed in our March 2025 blog post. The XCSSET malware is designed to infect Xcode projects, typically used by software developers, and run while an...

XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory

Microsoft Threat Intelligence has identified yet another XCSSET variant in the wild that introduces further updates and new modules beyond those detailed in our March 2025 blog post. The XCSSET malware is designed to infect Xcode projects, typically used by software developers, and run while an...

CHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux Systems

Cybersecurity researchers have discovered two new malware families, including a modular Apple macOS backdoor called CHILLYHELL and a Go-based remote access trojan RAT named ZynorRAT that can target both Windows and Linux systems. According to an analysis from Jamf Threat Labs, ChillyHell is writt...

macOS LaunchDaemon iOS 17.2 - Privilege Escalation

!/usr/bin/env python3 Exploit Title: macOS LaunchDaemon iOS 17.2 - Privilege Escalation Author: Mohammed Idrees Banyamer @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-05-31 Tested on: macOS Sonoma 14.x ARM64 / x8664 CVE: CVE-2025-24085 Type: Local Privilege Escalation Platform...

CVE-2025-43917

In Pritunl Client before 1.3.4220.57, an administrator with access to /Applications can escalate privileges after uninstalling the product. Specifically, an administrator can insert a new file at the pathname of the removed pritunl-service file. This file then is executed by a LaunchDaemon as roo...

CVE-2025-43917

In Pritunl Client before 1.3.4220.57, an administrator with access to /Applications can escalate privileges after uninstalling the product. Specifically, an administrator can insert a new file at the pathname of the removed pritunl-service file. This file then is executed by a LaunchDaemon as roo...

CVE-2025-43917

In Pritunl Client before 1.3.4220.57, an administrator with access to /Applications can escalate privileges after uninstalling the product. Specifically, an administrator can insert a new file at the pathname of the removed pritunl-service file. This file then is executed by a LaunchDaemon as roo...

Groupnotes Inc. Videostream Mac client allows for privilege escalation to root account

Overview Groupnotes Inc. Videostream Mac client installs a LaunchDaemon that runs with root privileges. The daemon is vulnerable to a race condition that allows for arbitrary file writes. A low privileged attacker can escalate privileges to root on affected systems. Description Every five hours t...