CVE-2024-8270
BaseFortify
Publication date: 2025-06-11
Last updated on: 2025-06-12
Assigner: Pentraze
Description
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the macOS Rocket.Chat application allows attackers to bypass Transparency, Consent, and Control (TCC) policies, which normally restrict access to sensitive permissions like microphone, camera, automation, and network client. Because Rocket.Chat is not signed with the Hardened Runtime and does not enforce Library Validation, it is susceptible to DYLIB injection attacks. This means an attacker can inject malicious dynamic libraries to perform unauthorized actions or escalate permissions beyond what the app's sandbox and profile normally allow.
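The two conditions named above (no Hardened Runtime, no Library Validation) can be checked from a binary's code signature. The following is an added example, not code from this page or from the Rocket.Chat project: it parses text captured from `codesign -dvvv <app>` and the entitlements plist from `codesign -d --entitlements :- <app>`. The sample outputs and the `com.example.chat` identifier are constructed for illustration.

```python
import plistlib
import re

CS_REQUIRE_LV = 0x2000   # signature requests Library Validation
CS_RUNTIME = 0x10000     # signature opts in to the Hardened Runtime

# Entitlements that re-open library loading even under the Hardened Runtime.
RISKY_ENTITLEMENTS = (
    "com.apple.security.cs.disable-library-validation",
    "com.apple.security.cs.allow-dyld-environment-variables",
)

def audit_signature(codesign_text, entitlements_xml=b""):
    """Return findings for one binary, given captured codesign output."""
    m = re.search(r"^CodeDirectory .*?\bflags=0x([0-9a-fA-F]+)", codesign_text, re.M)
    if not m:
        return ["no CodeDirectory found: unsigned binary or incomplete output"]
    flags = int(m.group(1), 16)
    findings = []
    hardened = bool(flags & CS_RUNTIME)
    if not hardened:
        findings.append("Hardened Runtime flag not set")
        # Without the runtime flag, Library Validation applies only if requested.
        if not flags & CS_REQUIRE_LV:
            findings.append("Library Validation not enforced")
    ents = plistlib.loads(entitlements_xml.strip()) if entitlements_xml.strip() else {}
    for key in RISKY_ENTITLEMENTS:
        if ents.get(key) is True:
            findings.append(f"entitlement weakens protection: {key}")
    return findings

# Constructed sample outputs (not taken from any real application).
WEAK = """Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.chat
CodeDirectory v=20400 size=512 flags=0x0(none) hashes=9+3 location=embedded
"""
HARDENED = WEAK.replace("flags=0x0(none)", "flags=0x10000(runtime)")
ENTS_DISABLE_LV = (b'<plist version="1.0"><dict>'
                   b"<key>com.apple.security.device.camera</key><true/>"
                   b"<key>com.apple.security.cs.disable-library-validation</key><true/>"
                   b"</dict></plist>")

if __name__ == "__main__":
    for name, text, ents in (("weak", WEAK, b""),
                             ("hardened+disable-lv", HARDENED, ENTS_DISABLE_LV),
                             ("hardened", HARDENED, b"")):
        print(name, audit_signature(text, ents) or "ok")
```

An application that holds TCC grants such as camera or microphone and returns any finding here is the kind of target this CVE describes, so it is worth running the check across every bundled helper binary as well as the main executable.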
How can this vulnerability impact me?
An attacker could gain unauthorized access to sensitive device capabilities such as the microphone, camera, automation features, or network client functions. This could lead to privacy violations, unauthorized data access, or control over certain device functions without the user's consent or knowledge.