Sécurité et conformité
DEVO-2023-0021
Résumé
Remote Desktop Manager for macOS is affected by a vulnerability.
Produits affectés
Remote Desktop Manager for macOS 2023.3.9.3 and earlier
Journal des modifications
2023-12-06 - Initial publication
Sévérité
Low
Produit
Remote Desktop Manager macOS
Version corrigée
2023.3.10.2
Code injection via environment variable
Description
Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLIB_INSERT_LIBRARIES environment variable.
Mesures correctives et solutions de contournement
Upgrade to Remote Desktop Manager macOS 2023.3.10.2 or higher.
Sévérité
4.8 Medium CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/U:Green
Produits affectés
Remote Desktop Manager macOS 2023.3.9.3 and earlier
CVE(s)
CVE-2023-6288
Crédits
YoKo Kho (@yokoacc) and Fahad Alamri (@r3m0t3nu11) from HakTrak Cybersecurity Squad (HakTrak.com)