Vulnerability Description
XADMaster is an objective-C library for archive and file unarchiving and extraction. When extracting a specially crafted zip archive XADMaster may not apply quarantine attribute correctly. Such behaviour may circumvent Gatekeeper checks on the system. Only macOS installations are affected. This issue was fixed in XADMaster 1.10.8. It is recommended to upgrade to the latest version. There are no known workarounds for this issue.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://github.com/MacPaw/XADMaster/commit/b75c05bc3bca9e183ecd3c512e270ce93006d
- https://github.com/MacPaw/XADMaster/security/advisories/GHSA-xg3c-r7w5-7xw2
- https://github.com/MacPaw/XADMaster/commit/b75c05bc3bca9e183ecd3c512e270ce93006d
- https://github.com/MacPaw/XADMaster/security/advisories/GHSA-xg3c-r7w5-7xw2
FAQ
What is CVE-2024-22405?
CVE-2024-22405 is a vulnerability with a CVSS score of 5.5 (MEDIUM). XADMaster is an objective-C library for archive and file unarchiving and extraction. When extracting a specially crafted zip archive XADMaster may not apply quarantine attribute correctly. Such behavi...
How severe is CVE-2024-22405?
CVE-2024-22405 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-22405?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.