This could potentially result in an XPC object of the wrong type being passed as the first argument to the xpc_connection_create_from_endpoint function if controlled by an attacker. The LaunchDaemon implements an XPC service that uses an insecure XPC API for accessing data from an inbound XPC message. ZenMate 1.5.4 for macOS suffers from a type confusion vulnerability within the -xpc LaunchDaemon component. Libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.Ī Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to overwrite root files on the file system. An attacker would need local access to the machine for a successful exploit. A user with local access can use this vulnerability to escalate their privileges to root. 87 allowed a local attacker to execute arbitrary code via a crafted HTML page.Ī local privilege escalation vulnerability exists in the Mac OS X version of Pixar Renderman 22.3.0's Install Helper helper tool. Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to.
