← Back to CVE List

CVE-2018-10470

Published: 2018-06-12T17:29Z
Last Modified: 2024-11-21T03:41Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt