CVE-2024-8270

The macOS Rocket.Chat application is affected by a vulnerability that allows bypassing Transparency, Consent, and Control TCC policies, enabling the exploitation or abuse of permissions specified in its entitlements e.g., microphone, camera, automation, network client. Since Rocket.Chat was not...

CVE-2024-8270

The set of documents confirms a macOS Rocket.Chat vulnerability (CVE-2024-8270) where a missing Hardened Runtime and Library Validation enables DYLIB injection, bypassing TCC policies and granting permissions not allowed by default under Sandbox/app profile (e.g., microphone, camera, automation, ...

CVE-2024-8270 macOS Rocket.Chat: TCC Policy Bypass via Dylib Injection Due to Missing Code Signing Flags and Dangerous Entitlements

The macOS Rocket.Chat application is affected by a vulnerability that allows bypassing Transparency, Consent, and Control TCC policies, enabling the exploitation or abuse of permissions specified in its entitlements e.g., microphone, camera, automation, network client. Since Rocket.Chat was not...

CVE-2024-8270 macOS Rocket.Chat: TCC Policy Bypass via Dylib Injection Due to Missing Code Signing Flags and Dangerous Entitlements

The macOS Rocket.Chat application is affected by a vulnerability that allows bypassing Transparency, Consent, and Control TCC policies, enabling the exploitation or abuse of permissions specified in its entitlements e.g., microphone, camera, automation, network client. Since Rocket.Chat was not...