Unrated severity · NVD Advisory · Published Feb 19, 2022 · Updated Aug 3, 2024
CVE-2022-25366
Description
Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements. An attacker can exploit this by creating a malicious .dylib file that can be executed via the DYLD_INSERT_LIBRARIES environment variable.
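A defender-side check for the entitlement combination described above. This is an added example, not code from the advisory or from the Cryptomator project. It looks only at the entitlements plist (for instance the XML that `codesign -d --entitlements :- <app>` prints), the two sample plists are constructed, and the function names are hypothetical.

```python
import plistlib

# The two entitlements named in the description, with the Hardened Runtime
# protection each one switches off.
RISKY = {
    "com.apple.security.cs.disable-library-validation":
        "libraries not signed by Apple or the app's Team ID may be loaded",
    "com.apple.security.cs.allow-dyld-environment-variables":
        "DYLD_* variables such as DYLD_INSERT_LIBRARIES are honoured",
}

def audit_entitlements(plist_bytes):
    """Return {entitlement: effect} for each risky entitlement set to true."""
    data = plist_bytes.strip()   # plistlib needs the XML to start at byte 0
    if not data:                 # a binary with no entitlements yields no output
        return {}
    ents = plistlib.loads(data)
    return {k: why for k, why in RISKY.items() if ents.get(k) is True}

def dylib_injection_possible(plist_bytes):
    """True only when both entitlements are present: one lets the DYLD_*
    variable through, the other lets a foreign-signed library load."""
    return set(audit_entitlements(plist_bytes)) == set(RISKY)

# Constructed sample mirroring the entitlements the description lists.
SAMPLE_AFFECTED = b"""<plist version="1.0"><dict>
  <key>com.apple.security.cs.disable-library-validation</key><true/>
  <key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
</dict></plist>"""

# Constructed sample of a build that keeps both protections in place.
SAMPLE_HARDENED = b"""<plist version="1.0"><dict>
  <key>com.apple.security.cs.allow-jit</key><true/>
</dict></plist>"""

if __name__ == "__main__":
    for name, blob in (("affected", SAMPLE_AFFECTED), ("hardened", SAMPLE_HARDENED)):
        print(name, "-> injection possible:", dylib_injection_possible(blob))
        for ent, why in audit_entitlements(blob).items():
            print("   ", ent, "=>", why)
```

Running the same check in a release pipeline against the signed app bundle catches a build that reintroduces either entitlement.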
Affected products
- (no CPE)
- (no CPE), range: <=1.6.5
References
- cryptomator.org (mitre, x_refsource_MISC)
- medium.com/%40tehwinsam/cryptomator-1-6-5-dylib-injection-8004a1e90b26 (mitre, x_refsource_MISC)