CVE-2023-22635: Fortiguard

A download of code without integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions, 5.2 all versions, 5.0 all versions and 4.0 all versions may allow a local attacker to escalate their privileges by modifying the installer upon upgrade.


PSIRT Advisories

FortiClient (Mac) - update functionality may lead to privilege escalation vulnerability

Summary

A download of code without integrity check vulnerability [CWE-494] in FortiClientMac may allow a local attacker to escalate their privileges by modifying the installer upon upgrade.

Affected Products

FortiClientMac version 7.0.0 through 7.0.7
FortiClientMac version 6.4 all versions
FortiClientMac version 6.2 all versions
FortiClientMac version 6.0 all versions

Solutions

Please upgrade to FortiClientMac version 7.0.8 or above.
Please upgrade to FortiClientMac version 7.2.0 or above.

Acknowledgement

Internally discovered and reported by Eric Hu of Fortinet Software Development team.

Timeline

2023-04-03: Initial publication
