CVE-2021-40531

CRITICAL

Sketch <75 - RCE

Title source: llm

Description

Sketch before 75 allows library feeds to be used to bypass file quarantine. Files are automatically downloaded and opened, without the com.apple.quarantine extended attribute. This results in remote code execution, as demonstrated by CommandString in a terminal profile to Terminal.app.

Exploits (1)

nomisec WRITEUP 13 stars

by jonpalmisc · poc

https://github.com/jonpalmisc/CVE-2021-40531

View Code ZIP pw:eip

References (2)

[Patch, Release Notes, Vendor Advisory] https://www.sketch.com/updates/#version-75

[Exploit, Third Party Advisory] https://jonpalmisc.com/2021/11/22/cve-2021-40531

Scores

CVSS v3 9.8

EPSS 0.0671

EPSS Percentile 91.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

sketch/sketch < 75

Published Sep 06, 2021

Tracked Since Feb 18, 2026