CVE-2024-22405

XADMaster may not apply quarantine attribute correctly to extracted files

CVSS 5.5 MEDIUMEPSS 0.2%CWE-281

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.5EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

30 abr 2024Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

XADMaster is an objective-C library for archive and file unarchiving and extraction. When extracting a specially crafted zip archive XADMaster may not apply quarantine attribute correctly. Such behaviour may circumvent Gatekeeper checks on the system. Only macOS installations are affected. This issue was fixed in XADMaster 1.10.8. It is recommended to upgrade to the latest version. There are no known workarounds for this issue.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Produtos afetados

MacPaw · XADMaster

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/MacPaw/XADMaster/commit/b75c05bc3bca9e183ecd3c512e270ce93006da3c https://github.com/MacPaw/XADMaster/security/advisories/GHSA-xg3c-r7w5-7xw2