CVE-2024-22405
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
XADMaster is an objective-C library for archive and file unarchiving and extraction. When extracting a specially crafted zip archive XADMaster may not apply quarantine attribute correctly. Such behaviour may circumvent Gatekeeper checks on the system. Only macOS installations are affected. This issue was fixed in XADMaster 1.10.8. It is recommended to upgrade to the latest version. There are no known workarounds for this issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| MacPaw | XADMaster | < 1.10.8 | affected |
Weaknesses
- CWE-281: CWE-281: Improper Preservation of Permissions
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://github.com/MacPaw/XADMaster/security/advisories/GHSA-xg3c-r7w5-7xw2
- https://github.com/MacPaw/XADMaster/commit/b75c05bc3bca9e183ecd3c512e270ce93006da3c
References
- https://github.com/MacPaw/XADMaster/security/advisories/GHSA-xg3c-r7w5-7xw2
- https://github.com/MacPaw/XADMaster/commit/b75c05bc3bca9e183ecd3c512e270ce93006da3c
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.