CVE-2018-10470
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-10470
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
密码学签名的验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Objective Development Little Snitch 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Objective Development Little Snitch是奥地利Objective Development公司的一套专用于Mac的个人安全软件。 Objective Development Little Snitch 4.0版本至4.0.6版本中存在安全漏洞,该漏洞源于程序没有将kSecCSCheckAllArchitectures旗标发送到‘SecStaticCodeCheckValidityWithErrors()’函数并且程序没有验证fat binary中的所有框架。攻击者可借助恶意制
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Objective Development Software GmbH | Little Snitch | 4.0 - 4.0.6 | - |
II. Public POCs for CVE-2018-10470
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-10470
请登录查看更多情报信息。
- https://obdev.at/cve/2018-10470-8FRWkW4oH8.htmlx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2018-10470
IV. Related Vulnerabilities
Same product: Little Snitch
Same weakness: CWE-347
- CVE-2026-44714
bitcoinj: ScriptExecution P2PKH/P2WPKH Verification Bypass - CVE-2026-44309
gitsign verify accepts signatures over go-git-normalized byt - CVE-2024-36334
AMD Radeon显卡驱动存在权限提升漏洞 - CVE-2026-0265
PAN-OS: Authentication Bypass with Cloud Authentication Serv - CVE-2026-41431
Zen Browser MAR updater ships with signature verification re
V. Comments for CVE-2018-10470
No comments yet