Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TCC Bypass via Dylib Substitution in DaVinci Resolve
Vulnerability Description
Use of entitlement "com.apple.security.cs.disable-library-validation" and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious one. A local attacker with unprivileged access can execute the application with altered dynamic library successfully bypassing Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission. This issue affects DaVinci Resolve on macOS in all versions. Last tested version: 19.1.3
CVSS Information
N/A
Vulnerability Type
缺省权限不正确
Vulnerability Title
Blackmagic Design DaVinci Resolve 安全漏洞
Vulnerability Description
Blackmagic Design DaVinci Resolve是一款将剪辑、色彩校正、视觉效果、动态图形和音频后期制作集于一身的软件工具。 Blackmagic Design DaVinci Resolve存在安全漏洞,该漏洞源于动态库加载约束不足,可能导致本地攻击者绕过TCC限制。
CVSS Information
N/A
Vulnerability Type
N/A