// For flags

CVE-2020-25533

 

Severity Score

7.0
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct a situation where the same PID is used for running two different programs at different times, by leveraging a race condition during crafted use of posix_spawn.

Se detectó un problema en Malwarebytes versiones anteriores a 4.0 en macOS. Una aplicación maliciosa pudo llevar a cabo una acción privilegiada dentro del demonio de inicio de Malwarebytes. El servicio privilegiado comprobó inapropiadamente unas conexiones XPC al confiar en el PID en lugar del token de auditoría. Un atacante puede crear una situación en la que es usado el mismo PID para ejecutar dos programas diferentes en momentos diferentes, al aprovechar una condición de carrera durante un uso de posix_spawn diseñado

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-09-14 CVE Reserved
  • 2021-01-15 CVE Published
  • 2024-05-20 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Malwarebytes
Search vendor "Malwarebytes"
 Malwarebytes
Search vendor "Malwarebytes" for product "Malwarebytes"
 < 4.0
Search vendor "Malwarebytes" for product "Malwarebytes" and version " < 4.0"
macos
Affected