MacOS Safari AuthPoint Password Manager Extension Local Code Injection

Advisory ID

WGSA-2024-00006

CVE

CVE-2024-1417

Impact

High

Status

Resolved

Product Family

Other Software

Published Date

2024-03-26

Updated Date

2024-03-26

Workaround Available

False

CVSS Score

7.8

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

The AuthPoint Password Manager extension for MacOS Safari versions before 1.0.6 has a local code injection vulnerability that could allow a local authenticated user to execute arbitrary commands under the context of the AuthPoint Password Manager extension.

Affected

Versions before 1.0.6

Resolution

Version 1.0.6

Credits

YoKo Kho and Zayd Alessa from HakTrak Cybersecurity Squad

Advisory Product List

Product Family

Product Branch

Product List

Other Software

AuthPoint (macOS)

Listado de avisos

Go to