CVE-2024-23746

Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to app.app/Contents...

CVE-2024-23746

Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to app.app/Contents...

Code injection

Miro Desktop 0.8.18 on macOS allows code injection via a complex series of steps that might be usable in some environments bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to app.app/Contents...

CVE-2024-23746

Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to app.app/Contents...

CVE-2024-23746

CVE-2024-23746 (Miro Desktop 0.8.18 on macOS) : Local Electron code injection is possible through a multi-step bypass of kTCCServiceSystemPolicyAppBundles (including a file copy, app.app/Contents rename, an asar modification, then a final rename). This is described across multiple sources as enab...

PT-2024-1419 · Miro · Miro Desktop

Name of the Vulnerable Software and Affected Versions: Miro Desktop version 0.8.18 Description: The issue is related to incorrect code generation management in the Miro digital collaboration platform on macOS, which may allow a remote attacker to execute arbitrary code. The exploitation involves ...