Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TCC Bypass via Dylib Loading in Viscosity.app
Vulnerability Description
On macOS systems, by utilizing a Launch Agent and loading the viscosity_openvpn process from the application bundle, it is possible to load a dynamic library with Viscosity's TCC (Transparency, Consent, and Control) identity. The acquired resource access is limited without entitlements such as access to the camera or microphone. Only user-granted permissions for file resources apply. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission. This issue was fixed in version 1.11.5 of Viscosity.
CVSS Information
N/A
Vulnerability Type
缺省权限不正确
Vulnerability Title
Sparklabs Viscosity 安全漏洞
Vulnerability Description
Sparklabs Viscosity是澳大利亚Sparklabs公司的一款OpenVPN客户端。 SparkLabs Viscosity 1.11.5之前版本存在安全漏洞,该漏洞源于可能利用Launch Agent加载动态库获取有限资源访问权限。
CVSS Information
N/A
Vulnerability Type
N/A