Products Little Snitch Little Snitch Mini Micro Snitch LaunchBar Internet Access Policy Viewer More Products Shop Support Blog

CVE-2020-13095

Local Privilege Escalation via Symbolic Link Following

Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a directory containing code executed by root.

Versions affected

Little Snitch version 4.5.1 and all older versions are affected. Version 4.5.2 released on May, 16th 2020 fixes the issue.

Mitigation

Upgrade to version 4.5.2 or later.

Ceredits

Credit go to Cees Elzinga (Danish Cyber Defence, https://danishcyberdefence.dk) for discovering this issue.

EnglishDeutsch
© 2023 Objective Development Software GmbHAbout UsPressPrivacyTerms

© 2023 Objective Development Software GmbH

About UsPressPrivacyTerms