CVE-2018-10470— Objective Development Little Snitch 安全漏洞

N/A

Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid.

N/A

密码学签名的验证不恰当

Objective Development Little Snitch 安全漏洞

Objective Development Little Snitch是奥地利Objective Development公司的一套专用于Mac的个人安全软件。 Objective Development Little Snitch 4.0版本至4.0.6版本中存在安全漏洞，该漏洞源于程序没有将kSecCSCheckAllArchitectures旗标发送到‘SecStaticCodeCheckValidityWithErrors()’函数并且程序没有验证fat binary中的所有框架。攻击者可借助恶意制

N/A

N/A