Description
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. An application may be able to gain elevated privileges.
Exploits (1)
metasploit
WORKING POC
MANUAL
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/browser/safari_in_operator_side_effect.rb
References (1)
Scores
CVSS v3
5.3
EPSS
0.1892
EPSS Percentile
95.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
Status
published
Products (3)
apple/mac_os_x
10.13.6 (13 CPE variants)
apple/mac_os_x
10.14.6 (11 CPE variants)
apple/mac_os_x
10.13 - 10.13.6
Published
Jun 09, 2020
Tracked Since
Feb 18, 2026