Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: obdev
Published: 2018-06-12T00:00:00
Updated: 2018-06-12T17:57:01
Reserved: 2018-04-27T00:00:00
Link: CVE-2018-10470
JSON object: View
NVD Information
Status : Modified
Published: 2018-06-12T17:29:00.207
Modified: 2023-11-07T02:51:28.670
Link: CVE-2018-10470
JSON object: View
Redhat Information
No data.
CWE