Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements. An attacker can exploit this by creating a malicious .dylib file that can be executed via the DYLD_INSERT_LIBRARIES environment variable.
oryginał ENCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCryptomator
APPCryptomator≤ 1.6.5
Powiązane podatności
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock ...
Cryptomator for IOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to ...
Cryptomator for Android offers multi-platform transparent client-side encryption for files in the cloud. Prior...
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vu...
Cryptomator is data encryption software for users who store their files in the cloud. Prior to version 1.9.2, ...