CVE-2018-10405

HIGH Year: 2018
CVSS v3 Score
7.8
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-295
View all →

Vulnerability Description

An issue was discovered in Google Santa and molcodesignchecker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute.

Related Vulnerabilities

CVE-2018-10403

HIGH
CVSS:7.8(High)

An issue was discovered in F-Secure XFENCE and Little Flocker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/...

CWE-2952018

CVE-2018-10404

HIGH
CVSS:7.8(High)

An issue was discovered in Objective-See KnockKnock, LuLu, TaskExplorer, WhatsYourSign, and procInfo. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not compl...

CWE-2952018

CVE-2018-10406

HIGH
CVSS:7.8(High)

An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the u...

CWE-2952018

CVE-2018-10408

HIGH
CVSS:7.8(High)

An issue was discovered in VirusTotal. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of ...

CWE-2952018

CVE-2020-8289

HIGH
CVSS:7.8(High)

Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where v...

CWE-2952020

CVE-2021-3162

HIGH
CVSS:7.8(High)

Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.

CWE-2952021