
CVE-2021-40531 PoC — Sketch code issue vulnerability

Associated Vulnerability
Title: Sketch code issue vulnerability (CVE-2021-40531)
Description: Sketch is a macOS-only vector graphics editor from the Dutch company Sketch. It is mainly used for the user-interface and user-experience design of websites and mobile applications, and it includes prototyping and collaboration features. Sketch contains a security vulnerability that stems from its incorrect handling of external library sources.
Repository Description: Quarantine bypass and RCE vulnerability in Sketch (proof-of-concept)
Readme
# CVE-2021-40531

![Exploit Demo](https://jonpalmisc.com/assets/img/cve-2021-40531/demo.gif)

> This proof-of-concept in action.

[Sketch](https://www.sketch.com) is a popular UI/UX design app for macOS. This
post covers a vulnerability in Sketch that I discovered back in July,
CVE-2021-40531. In its simplest form, it is a macOS quarantine bypass, but in
context it can be used for remote code execution.

For more details, see my [blog post](https://jonpalmisc.com/2021/11/22/cve-2021-40531)
for a complete writeup.

## Notes

If you are testing this proof-of-concept locally, be aware that `feed.rss`
expects your web server to be running on port 8080.
File Snapshot

[4.0K] /data/pocs/28c69cd000f2a5854bd3bb5815757488015b5c5e
├── [ 627] feed.rss
├── [1.4K] index.html
├── [ 615] payload.terminal
└── [ 657] README.md

0 directories, 4 files