Binarynights: >> Forklift >> 3.2.8 Security Vulnerabilities
BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy, move, delete) as root and changing permissions.
CVSS Score
7.8
EPSS Score
0.002
Published
2020-11-17
BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs.disable-library-validation flag enabled which allowed a local attacker to inject code into ForkLift. This would allow the attacker to run malicious code with escalated privileges through ForkLift's helper tool.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-11-17