Vulnerability Details CVE-2020-25533
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct a situation where the same PID is used for running two different programs at different times, by leveraging a race condition during crafted use of posix_spawn.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.1%
CVSS Severity
CVSS v3 Score 7.0
CVSS v2 Score 6.9
References
Products affected by CVE-2020-25533
-
cpe:2.3:a:malwarebytes:malwarebytes:-