CVE-2019-8656
MEDIUMmacOS < 10.14.6 - Gatekeeper Bypass via Symbolic Link in NFS Mount
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2019-8656. PoCs published by D00MFist.
AI-analyzed exploit summary This PoC exploits CVE-2019-8656, a Gatekeeper bypass vulnerability in macOS, by creating a malicious .app bundle with a symlink to an NFS share, allowing arbitrary code execution when the user opens the application. The exploit involves setting up an NFS server and crafting a zip file with a symlink to bypass Gatekeeper's quarantine checks.
Description
This was addressed with additional checks by Gatekeeper on files mounted through a network share. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. Extracting a zip file containing a symbolic link to an endpoint in an NFS mount that is attacker controlled may bypass Gatekeeper.
Exploits (1)
This PoC exploits CVE-2019-8656, a Gatekeeper bypass vulnerability in macOS, by creating a malicious .app bundle with a symlink to an NFS share, allowing arbitrary code execution when the user opens the application. The exploit involves setting up an NFS server and crafting a zip file with a symlink to bypass Gatekeeper's quarantine checks.
References (1)
Scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N