Local Privilege Escalation Vulnerability in Little Snitch by Objective Development
CVE-2017-2675

7.8HIGH

Key Information:

Vendor: Objective Development Software Gmbh
Status: Little Snitch
Vendor: CVE Published:; 6 April 2017

🔔 Create Objective Development Software Gmbh Vulnerability Alert

What is CVE-2017-2675?

A local privilege escalation vulnerability exists in Little Snitch versions 3.0 through 3.7.3. This flaw is linked to how the installer manages the configuration file 'at.obdev.littlesnitchd.plist', which is improperly installed to /Library/LaunchDaemons. Exploiting this vulnerability may allow an attacker to gain elevated privileges, compromising system integrity and user security. Users are encouraged to review their versions and apply any necessary updates or patches as outlined in the official release notes.

Affected Version(s)

Little Snitch 3.0 - 3.7.3

References

https://www.obdev.at/products/littlesnitch/releasenotes.html

x_refsource_CONFIRM

https://twitter.com/patrickwardle/status/849076615170711552

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 6, 2017
Vulnerability Reserved
Dec 1, 2016

JSON