BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs.disable-library-validation flag enabled which allowed a local attacker to inject code into ForkLift. This would allow the attacker to run malicious code with escalated privileges through ForkLift's helper tool.
References
Link | Resource |
---|---|
https://insinuator.net/2020/11/forklift-lpe/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-11-17T01:58:17
Updated: 2020-11-17T01:58:17
Reserved: 2020-10-16T00:00:00
Link: CVE-2020-27192
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-11-17T02:15:13.627
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-27192
JSON object: View
Redhat Information
No data.
CWE