Products Little Snitch Little Snitch Mini Micro Snitch LaunchBar Internet Access Policy Viewer More Products Shop Support Blog

CVE-2019-13014

Vulnerable component not removed during upgrade

Little Snitch version 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper. This copy is not updated or removed by the upgrade procedure, it is only updated when the user requests a Diagnostics Report via Little Snitch Configuration. Computers may therefore still be vulnerable after an upgrade to 4.4.0.

Versions affected

Only Little Snitch version 4.4.0 is affected. All newer versions remove any copies of the privileged helper tool the operating system may have made.

Mitigation

We recommend upgrading to Little Snitch 4.4.1 or higher. If an upgrade is not possible for whatever reason, just remove copies of privileged helper manually by executing the following commands in a Terminal window:

sudo launchctl unload /Library/LaunchDaemons/at.obdev.LittleSnitchHelper.LSHelperService.plist
sudo rm -f /Library/PrivilegedHelperTools/at.obdev.LittleSnitchHelper.LSHelperService
sudo rm -f /Library/LaunchDaemons/at.obdev.LittleSnitchHelper.LSHelperService.plist
EnglishDeutsch
© 2023 Objective Development Software GmbHAbout UsPressPrivacyTerms

© 2023 Objective Development Software GmbH

About UsPressPrivacyTerms