Security Advisory Detail

MacOS Safari AuthPoint Password Manager Extension Local Code Injection

Advisory ID
WGSA-2024-00006
CVE
CVE-2024-1417
Impact
High
Status
Resolved
Product Family
Other Software
Published Date
Updated Date
Workaround Available
False
CVSS Score
7.8
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary

The AuthPoint Password Manager extension for MacOS Safari versions before 1.0.6 has a local code injection vulnerability that could allow a local authenticated user to execute arbitrary commands under the context of the AuthPoint Password Manager extension.

Affected

Versions before 1.0.6

Resolution

Version 1.0.6

Credits
YoKo Kho and Zayd Alessa from HakTrak Cybersecurity Squad
Advisory Product List
Product Family
Product Branch
Product List
Other Software
AuthPoint (macOS)
AuthPoint (macOS)