[krita] [Bug 506889] Task injection vulnerability in Krita
Victor Souza
bugzilla_noreply at kde.org
Fri Jul 11 13:29:36 BST 2025
https://bugs.kde.org/show_bug.cgi?id=506889
--- Comment #2 from Victor Souza <souza_comz at outlook.com> ---
(In reply to Halla Rempt from comment #1)
> We don't use xcode to develop Krita, of course... This entitlement was
> added to make it possible for users to generate backtraces for bug reports.
> I'm really not sure why this should be a "vulnerability" given that you're
> already executing code at the same privilege level as Krita, too, on the
> same system?
Hi Halla, I totally understand what you mean. It turns out that on macOS, by
default, it's common for an application to only run what's in its sandbox. Even
if the attacker already has local privileges, using this entitlement
significantly lowers the barrier to escalating the attack to other trusted
processes (like Krita), and can be combined with other techniques to exploit
user data, abuse UI spoofing, keylogging, etc. I think it's important because
it's not just theoretical; the BlueNoroff APT recently used this same
technique, which can be read about in the Huntress article:
https://www.huntress.com/blog/inside-bluenoroff-web3-intrusion-analysis