Sketch before 75 allows library feeds to be used to bypass file quarantine. Files are automatically downloaded and opened, without the com.apple.quarantine extended attribute. This results in remote code execution, as demonstrated by CommandString in a terminal profile to Terminal.app.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-09-06T20:17:01

Updated: 2024-08-04T02:44:10.783Z

Reserved: 2021-09-06T00:00:00

Link: CVE-2021-40531

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-09-06T21:15:07.370

Modified: 2024-11-21T06:24:20.427

Link: CVE-2021-40531

cve-icon Redhat

No data.