Products Little Snitch Little Snitch Mini Micro Snitch LaunchBar Internet Access Policy Viewer More Products Shop Support Blog

CVE-2020-13095

Local Privilege Escalation via Symbolic Link Following

Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a directory containing code executed by root.

Versions affected

Little Snitch version 4.5.1 and all older versions are affected. Version 4.5.2 released on May, 16th 2020 fixes the issue.

Mitigation

Upgrade to version 4.5.2 or later.

Ceredits

Credit go to Cees Elzinga (Danish Cyber Defence, https://danishcyberdefence.dk) for discovering this issue.

Little Snitch

Features What’s New Download Release Notes Upgrade

Little Snitch Mini

Features Compare

Other Products

LaunchBar Micro Snitch IAP Viewer

Resources

Internet Access Policy Blog Support Contact Us Lost License

Resources

Internet Access Policy Blog Support Contact Us Lost License

Company

About Us Press Privacy Policy Terms

 

Little Snitch

LaunchBar

© 2025 Objective Development Software GmbH

EnglishDeutsch