← volver
CVE-2018-10470

CVE-2018-10470

EPSS 0.6%CWE-347
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
12 jun 2018Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid.
Productos afectados
Objective Development Software GmbH · Little Snitch

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://obdev.at/cve/2018-10470-8FRWkW4oH8.htmlhttps://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/