漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
TCC Bypass via Dylib Loading in Viscosity.app
Vulnerability Description
On macOS systems, by utilizing a Launch Agent and loading the viscosity_openvpn process from the application bundle, it is possible to load a dynamic library with Viscosity's TCC (Transparency, Consent, and Control) identity. The acquired resource access is limited without entitlements such as access to the camera or microphone. Only user-granted permissions for file resources apply. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission. This issue was fixed in version 1.11.5 of Viscosity.
CVSS Information
N/A
Vulnerability Type
缺省权限不正确
Vulnerability Title
Sparklabs Viscosity 安全漏洞
Vulnerability Description
Sparklabs Viscosity是澳大利亚Sparklabs公司的一款OpenVPN客户端。 SparkLabs Viscosity 1.11.5之前版本存在安全漏洞,该漏洞源于可能利用Launch Agent加载动态库获取有限资源访问权限。
CVSS Information
N/A
Vulnerability Type
N/A