What the vulnerability does

01Description

Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a directory containing code executed by root.

Key dates

02Disclosure timeline

June 30, 2020 CVE published
August 4, 2024 Record updated