← Retour aux CVEs
CVE-2018-6336
HIGH7.8
Description
An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. This issue affects osquery prior to v3.2.7
Details CVE
Score CVSS v3.17.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurREQUIRED
Publie12/31/2018
Derniere modification5/6/2025
Sourcenvd
Observations honeypot0
Produits affectes
linuxfoundation:osquery
Faiblesses (CWE)
CWE-254CWE-354
References
https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/(cve-assign@fb.com)
https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.