6 matches found
macOS PackageKit ZSH Environment Privilege Escalation
This module exploits CVE-2024-27822, a vulnerability in macOS PackageKit.framework where PKG installer scripts using a ZSH shebang !/bin/zsh are executed as root while inheriting the installing user's environment. This causes ZSH to load the user's /.zshenv with root privileges before the install...
PT-2026-26738
OpenClaw versions prior to 2026.2.22 fail to sanitize shell startup environment variables HOME and ZDOTDIR in the system.run function, allowing attackers to bypass command allowlist protections. Remote attackers can inject malicious startup files such as .bash profile or .zshenv to achieve...
North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS
A threat actor with ties to the Democratic People's Republic of Korea DPRK has been observed targeting cryptocurrency-related businesses with a multi-stage malware capable of infecting Apple macOS devices. Cybersecurity company SentinelOne, which dubbed the campaign Hidden Risk , attributed it wi...
CVE-2024-27301 Privilege Escalation Abusing installer in SupportApp
Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang !/bin/zsh is being used...
PT-2024-21805
Name of the Vulnerable Software and Affected Versions Support App versions prior to 2.5.1 Rev 2 Description The issue is related to the postinstall installer script, which can be abused to execute arbitrary code as root due to the use of the shebang !/bin/zsh. When the installer is executed, it...
Security update for zsh (important)
This update for zsh to version 5.6.2 fixes the following issues: These security issues were fixed: - CVE-2018-0502: The beginning of a ! script file was mishandled, potentially leading to an execve call to a program named on the second line bsc1107296 - CVE-2018-13259: Shebang lines exceeding 64...