CVE-2017-2675

Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file "at.obdev.littlesnitchd.plist" which gets installed to /Library/LaunchDaemons.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
obdevCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
VendorProductVersion
obdevlittle_snitch
3.0
obdevlittle_snitch
3.0.1
obdevlittle_snitch
3.0.2
obdevlittle_snitch
3.0.3
obdevlittle_snitch
3.0.4
obdevlittle_snitch
3.1
obdevlittle_snitch
3.1.1
obdevlittle_snitch
3.3
obdevlittle_snitch
3.3.1
obdevlittle_snitch
3.3.2
obdevlittle_snitch
3.3.3
obdevlittle_snitch
3.3.4
obdevlittle_snitch
3.4
obdevlittle_snitch
3.4.1
obdevlittle_snitch
3.4.2
obdevlittle_snitch
3.5
obdevlittle_snitch
3.5.1
obdevlittle_snitch
3.5.2
obdevlittle_snitch
3.5.3
obdevlittle_snitch
3.6
obdevlittle_snitch
3.6.1
objective_developmentlittle_snitch
3.6.2
objective_developmentlittle_snitch
3.6.3
objective_developmentlittle_snitch
3.6.4
objective_developmentlittle_snitch
3.7
objective_developmentlittle_snitch
3.7.1
objective_developmentlittle_snitch
3.7.2
objective_developmentlittle_snitch
3.7.3
𝑥
= Vulnerable software versions
References
https://twitter.com/patrickwardle/status/849076615170711552
https://www.obdev.at/products/littlesnitch/releasenotes.html
https://twitter.com/patrickwardle/status/849076615170711552
https://www.obdev.at/products/littlesnitch/releasenotes.html